Microsoft Advanced Threat Analytics announcement
-
Link
Here you can find discussions on Microsoft Advanced Threat Analytics or ask a question to the community.
For official product support, please contact Microsoft Customer and Services Support via http://support.microsoft.com .
For the latest product documentation, please check our TechNet library at: http://aka.ms/ata-technet
-
0 Votes
Will the DNS Recon alert be triggered if forwarders are used?
Hello, I setup ATA 1.9 in my dev environment recently. I'm going through the attack playbook and triggering alerts. For the DNS Recon alert that is ...Unanswered | 1 Replies | 38 Views | Created by netdiag - Thursday, February 21, 2019 5:15 PM | Last reply by Eli Ofek - 23 hours 12 minutes ago -
0 Votes
ATA Gateway PostAsync failed / Could not create SSL/TLS secure channel
I wanted to post my findings as this was a solution to an issue I experienced that I could not find a resolution to online related to this issue. The ATA Gateway (normal and Lightweight) would ... -
0 Votes
AES and DES
Dear i need to know the mathematical function for both AES " advance Encryption Standard" and DES " Data Encryption ...Unanswered | 1 Replies | 41 Views | Created by Muhannad Tahboush - Tuesday, February 19, 2019 5:46 PM | Last reply by Andy Liu50 - Wednesday, February 20, 2019 7:25 AM -
0 Votes
Digitally Sign and / or Encrypt ATA Reports
Can you please advise if there is a method to digitally sign or encrypt ATA reports sent to email recipients? Thank youProposed | 1 Replies | 85 Views | Created by Securitt - Wednesday, February 13, 2019 7:16 PM | Last reply by Eli Ofek - Thursday, February 14, 2019 12:12 AM -
1 Votes
Non-existing account attempted logon from Unresolved computer account
Hi I have activities where user logons that are non existent in our domain tries to logon from a computer account that is unresolved. I have checked ...Unanswered | 3 Replies | 295 Views | Created by Peter Samuelsson - Wednesday, October 24, 2018 11:03 AM | Last reply by bpfoley451 - Wednesday, February 13, 2019 7:41 PM -
0 Votes
Variable String API
Is there a way to pass a variable string to the ATA Center Console? For instance if an ATA event in a SIEM passed an integration command that contained a ...Answered | 2 Replies | 134 Views | Created by Securitt - Wednesday, January 30, 2019 2:48 PM | Last reply by Securitt - Wednesday, February 13, 2019 7:23 PM -
0 Votes
User Profile / account activities details
We have ATA implemented recently, I would like to know to what level ATA can provide user account activities details under user profile. Scenario - 2 days ago Monica's account ...Answered | 3 Replies | 148 Views | Created by Bharath Kumar S.M - Wednesday, February 6, 2019 2:40 AM | Last reply by Bharath Kumar S.M - Tuesday, February 12, 2019 3:08 AM -
0 Votes
Teamed NIC on ATA Center and now Gateways are not receiving DC traffic
I was recently required to team two NICs on the ATA Center server using Windows Server OS teaming. After teaming the NICs the health report had entries that neither of my Gateway servers were ...Unanswered | 3 Replies | 127 Views | Created by jship - Monday, February 11, 2019 6:38 PM | Last reply by Eli Ofek - Monday, February 11, 2019 10:10 PM -
0 Votes
Lightweight Gateway installation fails on only two Domain Controllers on same site.
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IdentityModel.Tokens.SecurityTokenValidationException: Failed to ...Answered | 5 Replies | 187 Views | Created by Choll152 - Thursday, January 24, 2019 4:13 PM | Last reply by Choll152 - Monday, February 11, 2019 10:12 AM -
0 Votes
Create new certificate for the ATA Center
Hi, Kindly need your help how to create new certificate for the ATA Center (step by step) as we are receiving the below alert in ...Answered | 1 Replies | 118 Views | Created by AhmadJY - Sunday, February 10, 2019 2:54 PM | Last reply by Eli Ofek - Sunday, February 10, 2019 4:23 PM -
0 Votes
All ATA Events Forwarded to SIEM
Is it possible to forward All ATA console events to the notifications for SIEM via syslog ? We are sending events to the SIEM via syslog, but only alerts are ...Answered | 2 Replies | 140 Views | Created by Securitt - Thursday, February 7, 2019 9:50 PM | Last reply by Eli Ofek - Friday, February 8, 2019 10:54 PM -
0 Votes
Different Alerts are trigerred time to time
We are new to ATA 1.9 so don't know how to remediate alerts what action needs to be done against alerts , so here is a request anybody can refer us the guidance or links so that we ...Unanswered | 1 Replies | 99 Views | Created by Safwan syed - Wednesday, February 6, 2019 9:57 AM | Last reply by Andy Liu50 - Thursday, February 7, 2019 5:29 AM -
0 Votes
Abnormal behavior - CIFS listed as service type in ATA but the host doesn't have that service listed in servicePrincipalName attribute
We periodically get "Suspicion of identity theft based on abnormal behavior" alerts where a user is requesting CIFS access for nearby PCs. The "CIFS" string is ...Unanswered | 2 Replies | 144 Views | Created by H Kelley - Friday, February 1, 2019 5:36 PM | Last reply by H Kelley - Wednesday, February 6, 2019 2:37 AM -
0 Votes
Inconsistency For Alert Generation (Malicious Replication of Directory Services) ATA v1.9.1
I'm currently testing the workflow we've set up as a response to Malicious Replication of Directory Services detection but ATA doesn't generate the alert consistently. Specifically I'm seeing ...Unanswered | 4 Replies | 156 Views | Created by cyddavis - Thursday, January 31, 2019 6:34 PM | Last reply by cyddavis - Tuesday, February 5, 2019 1:32 PM -
0 Votes
Windows Defender is blocked by Group Policy
Hello Dear people, I have a pop-up and it written "Windows Defender is blocked by Group Policy". What is this? Please help. MarryUnanswered | 2 Replies | 253 Views | Created by Marry55 - Tuesday, December 11, 2018 11:15 PM | Last reply by Marry55 - Monday, February 4, 2019 9:31 AM -
0 Votes
Microsoft ATA RESTful API
Is there any RESTful API available for Micrsoft ATA??Unanswered | 2 Replies | 137 Views | Created by rovish2204 - Thursday, January 31, 2019 11:17 AM | Last reply by H Kelley - Friday, February 1, 2019 5:19 PM -
0 Votes
ATA - Dual Factor Authentication
Is there a way to integrate dual factor authentication with the ATA center? Such as Smart Card authentication, or RSA Token authentication in addition to the active directory single ...Unanswered | 1 Replies | 138 Views | Created by Securitt - Wednesday, January 30, 2019 2:19 PM | Last reply by Andy Liu50 - Thursday, January 31, 2019 6:43 AM -
0 Votes
Computer/User view page refreshes every 5s
When I click on a computer or user object to view its timeline, whether it was involved in a suspicious activity or not, the page keeps refreshing every 5s thus not allowing me to perform an ...Unanswered | 11 Replies | 589 Views | Created by J0A0 PAUL0 - Monday, June 11, 2018 2:07 PM | Last reply by Spd-demon - Wednesday, January 30, 2019 9:27 PM -
0 Votes
ATA and DNS Traffic
We do not use AD for our DNS server. Do we need to SPAN or TAP our DNS servers? We don't care about zone transfers as we have this locked down and get these alerts via other means. ...Unanswered | 1 Replies | 140 Views | Created by mcglynn1 - Wednesday, January 30, 2019 6:22 PM | Last reply by Eli Ofek - Wednesday, January 30, 2019 7:10 PM -
0 Votes
False pass-the-hash when Citrix pass-through authentication in use
I have recently installed ATA (1.8.6645.28499). It is now in to the second week of its learning phase and it is raising a considerable number of false pass-the-hash alerts when users initiate ...Unanswered | 5 Replies | 694 Views | Created by RichardATA - Wednesday, December 20, 2017 10:14 AM | Last reply by RichardATA - Wednesday, January 30, 2019 2:53 PM - Items 1 to 20 of 1050 Next ›
Microsoft Advanced Threat Analytics announcement
-
Link
Here you can find discussions on Microsoft Advanced Threat Analytics or ask a question to the community.
For official product support, please contact Microsoft Customer and Services Support via http://support.microsoft.com .
For the latest product documentation, please check our TechNet library at: http://aka.ms/ata-technet