Microsoft Advanced Threat Analytics announcement
-
Link
Here you can find discussions on Microsoft Advanced Threat Analytics or ask a question to the community.
For official product support, please contact Microsoft Customer and Services Support via http://support.microsoft.com .
For the latest product documentation, please check our TechNet library at: http://aka.ms/ata-technet
-
0 VotesDatabase Size Getting Big
I am running ATA version 1.9.7412.9649. The MongoDB is at 51 GB. What are my options for shrinking the database? I need to clear up space on the server. Thank you!Unanswered | 13 Replies | 233 Views | Created by J_2017 - Tuesday, September 24, 2019 6:49 PM | Last reply by Eli Ofek - 10 hours 53 minutes ago
-
0 Votes
Advanced Threat Analytics - next release?
When is the next version of ATA coming out? And is there a preview, insider or beta version that we can test in advance? It seems like development on this product has slowed down. Can someone point me ...Unanswered | 1 Replies | 88 Views | Created by jrauman - Wednesday, October 9, 2019 8:22 PM | Last reply by Eli Ofek - Wednesday, October 9, 2019 9:02 PM -
0 Votes
Crash Dumps Edge and Scvhost
I have been getting security mitigation codes in event viewer that Edge is constantly being stopped from running dynamic code and something about scvhost creating child objects and changing firewall ...Unanswered | 2 Replies | 67 Views | Created by CantCode4life - Wednesday, October 9, 2019 1:24 AM | Last reply by Udara Kaushalya - Wednesday, October 9, 2019 5:37 AM -
0 Votes
Update ATA Lightweight Gateway questions
I am looking to apply update 2 (from 1.9 build 1.9.7312) and wanted to know a little bit more about the process, specifically for the lightweight gateways on the DC's. It appears to be ...Unanswered | 4 Replies | 189 Views | Created by ManofMarsh - Sunday, September 22, 2019 11:27 PM | Last reply by ManofMarsh - Tuesday, October 1, 2019 3:02 PM -
1 Votes
ATA MongoDB encryption at rest
Hi, I have been asked by a Security Team if the data stored in the ATA MongoDB is encrypted at rest. I cannot find this information anywhere. I know that MongoDB that uses ...Answered | 1 Replies | 140 Views | Created by Stuart Townsend - Thursday, September 26, 2019 1:28 PM | Last reply by Eli Ofek - Thursday, September 26, 2019 2:45 PM -
0 Votes
Reconnaissance using directory services queries
Hi all, Can you please help me with this alert? It triggered in the ATA portal. I do not know how to clear it. Please help me understand and clear this alert. I ...Unanswered | 1 Replies | 149 Views | Created by fermelr - Monday, September 23, 2019 8:46 AM | Last reply by Eli Ofek - Monday, September 23, 2019 11:43 AM -
0 Votes
ATA Update available but not showing on Windows Update
Hello, My ATA Center tells me there is an update available and I can use Microsoft Update to download and install it. My current version is 1.9.7312.32791 and the ...Unanswered | 2 Replies | 197 Views | Created by netdiag - Monday, September 16, 2019 4:55 PM | Last reply by Udara Kaushalya - Friday, September 20, 2019 3:52 PM -
0 Votes
Kerberoasting a Honeytoken - Suspicious Activity Raised?
If an attacker requests a service ticket for a Honeytoken account (not attempting a logon, just asking for a service ticket) should that generate a suspicious activity?Unanswered | 4 Replies | 281 Views | Created by H Kelley - Thursday, August 29, 2019 7:52 PM | Last reply by H Kelley - Friday, September 13, 2019 1:00 PM -
0 Votes
Enabling log monitoring & setting up using SIEM.
Hi there, I am planning on setting more logging options using SIEM tool. I found a document in one of the Microsoft websites sometime ago which explains about enabling ...Answered | 3 Replies | 280 Views | Created by mywindows - Wednesday, September 4, 2019 4:44 PM | Last reply by mywindows - Wednesday, September 11, 2019 6:56 PM -
0 Votes
Forwarding events still usable?
Hi there, we've just enabled event-forwarding for our ATA deployment (version 1.9.7478.57683). It looks like the events are not processed since there are no ...Answered | 1 Replies | 199 Views | Created by m.glende - Wednesday, September 11, 2019 2:51 PM | Last reply by Eli Ofek - Wednesday, September 11, 2019 6:36 PM -
0 Votes
WINDOWS 10 SERVICES, START NAME UNAVAILABLE, USERDATA STORAGE_1116fec UNISTACKSVCGROUP
CAN ANYONE IDENTIFY THESE SERVICES RUNNING ON MY WINDOWS TEN PRO: THE START NAME SAYS NOT AVAILABLE AND THE SERVICE TYPE IS UNKNOWN AND THEY WILL NOT ALLOW ...Unanswered | 1 Replies | 236 Views | Created by XRTWE8127 - Saturday, September 7, 2019 12:54 AM | Last reply by Andy Liu50 - Monday, September 9, 2019 2:03 AM -
0 Votes
Group Policy Drive Mappings taking 70 seconds
Hello, I'm having an issue with one of the staff where i work, where the Drive mappings from group policy take 70 seconds. I've checked the event viewer of the ...Unanswered | 1 Replies | 192 Views | Created by Blackholden99 - Thursday, September 5, 2019 10:16 AM | Last reply by Andy Liu50 - Friday, September 6, 2019 1:14 AM -
0 Votes
SAMRi10 - SAMR calls on Windows 10 logoff
We are looking into activating the GPO setting "Restrict clients allowed to make remote calls SAM" to prevent recon attacks on our domain controllers. ...Unanswered | 2 Replies | 299 Views | Created by Ad_min - Wednesday, September 4, 2019 10:32 AM | Last reply by Ad_min - Thursday, September 5, 2019 6:58 AM -
0 Votes
Need a clean way to distinctly identify between RDP and TS sessions.
We are using Win32 APIs ProcessIdToSessionId and GetSystemMetrics(SM_REMOTESESSION) to identify whether the session is remote or local. But we currently don’t have a clean way ...Answered | 1 Replies | 212 Views | Created by Phoon_2010 - Wednesday, September 4, 2019 9:43 AM | Last reply by Andy Liu50 - Thursday, September 5, 2019 12:30 AM -
0 Votes
ATA - Event ID 7031 - The MS ATA Gateway service terminated unexpectedly (only on 2016 servers).
ATA Version 1.9.7478.57683 This is only happening on our Server 2016 boxes (2012 R2 boxes are fine) where the service restarts on Monday's at 2:45 PM ONLY. We ...Unanswered | 1 Replies | 227 Views | Created by Spd-demon - Tuesday, September 3, 2019 7:05 PM | Last reply by Eli Ofek - Tuesday, September 3, 2019 7:56 PM -
0 Votes
Is there a way synchronize historical event log into ATA?
So we just reinstalled our DCs for some reason, but we kept the old dc server instances, so did the event logs. Since "The ATA Center requires a recommended ...Unanswered | 1 Replies | 208 Views | Created by uihih - Tuesday, September 3, 2019 1:38 PM | Last reply by Eli Ofek - Tuesday, September 3, 2019 3:12 PM -
0 Votes
Sensitive Group change information
Hi all is some how possible to send immediately mail when some of sensitive group are changed? Now we get this info only in summarize ...Unanswered | 3 Replies | 259 Views | Created by KONIKPK - Tuesday, August 27, 2019 8:25 AM | Last reply by Ohad Plotnik-Aorato - Tuesday, September 3, 2019 12:33 PM -
0 Votes
Malware
Anybody with Idea about SETO file extensmion. All my files turned into SETO extension, is this a malware? Please help if you know how to fix ...Unanswered | 4 Replies | 536 Views | Created by Dennis Epson - Monday, September 2, 2019 1:05 PM | Last reply by Udara Kaushalya - Tuesday, September 3, 2019 12:59 AM -
0 Votes
Auditing SAMR queries
We have been seeing an abnormally high detections of reconnaissance of AD using the SAMR protocol. According to the ATA documentation on Suspicious activity guide, it recommend using the SAMRi10 ...Proposed | 3 Replies | 3709 Views | Created by Evers_mark - Wednesday, November 15, 2017 4:06 PM | Last reply by Ad_min - Wednesday, August 28, 2019 2:22 PM -
0 Votes
Network Activities tab in download details of the ATA alert.
After upgrading to Version 1.9.7478.57683, our incident response team has noticed that the Network Activities tab is missing from some of the alerts like "Suspicion of identity theft ...Unanswered | 7 Replies | 383 Views | Created by Ed Healea - Wednesday, August 7, 2019 8:39 PM | Last reply by Eli Ofek - Tuesday, August 27, 2019 8:00 PM - Items 1 to 20 of 1133 Next ›
Microsoft Advanced Threat Analytics announcement
-
Link
Here you can find discussions on Microsoft Advanced Threat Analytics or ask a question to the community.
For official product support, please contact Microsoft Customer and Services Support via http://support.microsoft.com .
For the latest product documentation, please check our TechNet library at: http://aka.ms/ata-technet
