Lesson Learned - Implementation on a portion of DC's.

  • Question

  • So we first built our ATA in March 2016 on v.1.5.

    Due to those requirements, we could only do a Central Server and two Gateway servers to a portion of our DC's; 3 vm-based Domain Controllers.

    After the v.1.6 release, I was able to get Chg. Mgmt approved to do the Lite Gateway on the remaining 15 domain controllers (two physical devices and 13 remote devices). So, we have nearly three months of data from the first three DC's. We brought the other 15 light gateways online on the other 15 domain controllers for the past week.

    Over the last two days, we're getting flooded w/ "Suspicion of Identity Theft based on abnormal behavior" alerts.  I'd guess the past three months - ATA saw the activity on the three domain controllers and set that baseline for that user.  Now, in the past week we get activity from 15 additional DC's and ATA sees that as "unusual behavior"???

    Every one of the alerts has been explainable.

    Tuesday, June 14, 2016 8:28 PM

All replies

  • Hi Bjarni2007,

    We identified a problem in the latest release of ATA and we are going to release a fix for this issue in the coming days.

    Thanks,

      Microsoft ATA Team.

    Wednesday, June 15, 2016 5:05 AM
  • Where would we pick up this patch: the Demo>Download webpage or the VLSC page?

    Suggestion:  Have Microsoft provide a little better method of distribution for this software, that doesn't feel so "beta"...

    Thursday, June 16, 2016 10:07 PM
  • Hi Bjarni2007,

    You can download the updated version from the following link:

    http://www.microsoft.com/en-us/download/details.aspx?id=52046

    You can also re-download from the eval center as we refreshed the version there.

    We are planning to distribute this update also via Microsoft Update but this may take some time.

    Thanks,

      Microsoft ATA Team.

    Friday, June 17, 2016 5:43 AM