Microsoft Advanced Threat Analytics announcement
-
Link
Here you can find discussions on Microsoft Advanced Threat Analytics or ask a question to the community.
For official product support, please contact Microsoft Customer and Services Support via http://support.microsoft.com .
For the latest product documentation, please check our TechNet library at: http://aka.ms/ata-technet
-
0 VotesUpgrade 1.9.0 to 1.9.1
Apologies if I'm being dense - I'm on 1.9 today and see 1.9.1 has been released. Are there new features? The What's New page was last change in March 2018, ...
-
3 Votes
WUDO Causing Suspicion of identity theft based on abnormal behavior alert to trigger several times per hour
After several weeks of trying to track down the root cause of the above mentioned ATA alert, we have determined WUDO is possibly causing the above mentioned ATA alert to fire. ATA ...Unanswered | 9 Replies | 352 Views | Created by Lyn Dan - Wednesday, May 16, 2018 9:52 PM | Last reply by Jonathan Monsonego - Thursday, August 16, 2018 10:38 AM -
1 Votes
LWGW 1.9 Will Not Start: System.InvalidOperationException: Sequence contains more than one element
ATA agent 1.9.7312.32791 will not start. Running on a Server 2016 Standard DC. Microsoft.Tri.Gateway-Errors log indicates this error over and over again: 2018-08-07 ...Discussion | 3 Replies | 103 Views | Created by N11k0 - Tuesday, August 7, 2018 5:56 PM | Last reply by Eli Ofek - Tuesday, August 14, 2018 1:46 PM -
3 Votes
Suspicion of identity theft based on abnormal behavior
Hello, We have ATA running for about 2-3 months now. Until now I had only fals alerts. That is good I think, but one thing is very annoying. ATA ...Unanswered | 4 Replies | 258 Views | Created by Deas - Monday, June 18, 2018 7:23 AM | Last reply by BrianHow - Monday, August 13, 2018 1:22 PM -
0 Votes
Upgrade to version 1.9
I am currently running Microsoft Advanced Threat Analytics v1.8.6765.36693. I am running Windows Server 2012 R2 [Version 6.3 (Build 9600)}. The ATA database on is stored on the D: volume. ...Unanswered | 1 Replies | 72 Views | Created by Durggin - Friday, August 10, 2018 3:20 PM | Last reply by Eli Ofek - Friday, August 10, 2018 9:03 PM -
0 Votes
Is anyone forwarding events to SIEM?
We use SumoLogic and I want forward ATA events to Sumo. Has anyone set up forwarding events to their SIEM? I set up Syslog collector in Sumo and configured the Syslog server in ATA, but not sure where ...Unanswered | 1 Replies | 82 Views | Created by GAyoub - Tuesday, August 7, 2018 7:59 PM | Last reply by Andy Liu50 - Wednesday, August 8, 2018 8:26 AM -
1 Votes
ATA/ATP Sensor Opening RDP sessions on 3389 - Why?
We discovered that all of our domain controllers are trying to connect to many machines in our domain (workstations, fileservers, others) using RDP (Port 3389). When we investigated the process, ...Unanswered | 2 Replies | 114 Views | Created by Bryan Loveless - Friday, August 3, 2018 5:25 PM | Last reply by Bryan Loveless - Friday, August 3, 2018 10:31 PM -
0 Votes
Database restore fails
2018-07-30 10:28:35.4052 4356 9 Debug [EntityProfiler] Initializing 2018-07-30 10:28:35.4804 4356 5 Error [Enumerable] System.InvalidOperationException: Sequence contains more than one ...Answered | 8 Replies | 118 Views | Created by R___B - Monday, July 30, 2018 10:44 AM | Last reply by Eli Ofek - Wednesday, August 1, 2018 9:10 AM -
0 Votes
ATA: restore database from backup - full Disaster Recovery steps?
I'd like to know how to restore the ATA database onto a new machine from backup. A few of the ATA product pages touch on this, but none give a full restore ...Discussion | 4 Replies | 132 Views | Created by R___B - Monday, July 23, 2018 1:47 PM | Last reply by R___B - Monday, July 30, 2018 1:41 PM -
0 Votes
How to install ATA Center synchronously?
I have a powershell script that I run to install and configure a new Center installation. When I run my install line, & "${ISODrive}:\Microsoft ATA ...Answered | 2 Replies | 91 Views | Created by R___B - Thursday, July 26, 2018 1:28 PM | Last reply by R___B - Thursday, July 26, 2018 2:57 PM -
0 Votes
Changed certificate from selfsigned to internal PKI on ATA 1.9 gives Decrypt 0x80090010 error after activation
When I changed certificate from selfsigned to enrollment from internal PKI , it give no error, and after all gateway have synced the changed I activated the new configuration. I get error in log ...Unanswered | 6 Replies | 320 Views | Created by Niklas Lilja (Outlook) - Tuesday, May 8, 2018 4:46 AM | Last reply by Eli Ofek - Tuesday, July 24, 2018 8:15 PM -
0 Votes
Gateway unable to register to ATA center
Hi, We are running light weight gateways on domain controllers, we are using a windows 2012 server for ATA center. 4 of the gateways registered with the ATA ...Unanswered | 7 Replies | 247 Views | Created by JunaidMA - Monday, July 16, 2018 11:20 AM | Last reply by JunaidMA - Tuesday, July 24, 2018 12:10 PM -
0 Votes
Windows Defender Exclusions File location
I currently have a virus on my computer that has added it's own files to my windows defender exclusion list and has made them unable to be removed on the app so I'm wondering if someone could tell me ...Unanswered | 1 Replies | 121 Views | Created by Tom Murphy Rowe - Sunday, July 22, 2018 8:25 AM | Last reply by Andy Liu50 - Monday, July 23, 2018 6:07 AM -
0 Votes
ATA update to 1.9 fails
Hello, I'm having trouble updating ATA (1.8.6765) to 1.9. I've tried updating from windows update which fails along with the standalone installer which fails with the same error (below). Once the ...Unanswered | 17 Replies | 646 Views | Created by sjonesist - Tuesday, April 17, 2018 8:13 PM | Last reply by Durggin - Saturday, July 21, 2018 10:20 AM -
0 Votes
1.9 Install/Upgrade
When installing ATA 1.9, I am unable to install the db on a seperate drive. The installation fails. When I install on the default drive and attempt to move the db, the ATA service refuses ...Unanswered | 4 Replies | 129 Views | Created by Durggin - Friday, July 20, 2018 2:27 AM | Last reply by Durggin - Friday, July 20, 2018 4:54 PM -
0 Votes
ATA Alerts-Reconnaissance using directory services queries
Got an ATA alert for Reconnaissance using directory services queries from one of the user and his machine. He queried against 5 Sensitive accounts but the user is not aware of ...Unanswered | 4 Replies | 534 Views | Created by Rahul Benjamin - Thursday, April 19, 2018 12:28 PM | Last reply by Bill Dewey - Friday, July 20, 2018 3:23 PM -
1 Votes
ATA without NETBIOS
Hi all Is there any chance to run Advanced Threat Analytics without using NETBIOS ? We disabled NETBIOS over TCP/IP on all DC`s in our company ...Unanswered | 2 Replies | 143 Views | Created by TorPa - Thursday, July 19, 2018 9:08 AM | Last reply by TorPa - Friday, July 20, 2018 6:53 AM -
0 Votes
Tracking down cause of "Suspicious authentication failures" alerts
Our site is currently testing the ATA product and we have been receiving random alerts on different servers Suspicious authentication ...Unanswered | 3 Replies | 219 Views | Created by tszilagyi3 - Wednesday, July 11, 2018 1:51 PM | Last reply by clarked - Wednesday, July 18, 2018 4:59 PM -
0 Votes
Documented Lightweight Gateway Upgrade Rollback?
Is there a documented or recommended procedure for reverting a Lightweight Gateway upgrade? Is reverting an ATA upgrade supported? I need to submit install and back out ...Proposed | 2 Replies | 111 Views | Created by cyddavis - Monday, July 16, 2018 6:11 PM | Last reply by Andy Liu50 - Tuesday, July 17, 2018 5:37 AM -
0 Votes
Computer/User view page refreshes every 5s
When I click on a computer or user object to view its timeline, whether it was involved in a suspicious activity or not, the page keeps refreshing every 5s thus not allowing me to perform an ...Unanswered | 6 Replies | 208 Views | Created by J0A0 PAUL0 - Monday, June 11, 2018 2:07 PM | Last reply by Eli Ofek - Monday, July 16, 2018 7:17 PM - Items 1 to 20 of 952 Next ›
Microsoft Advanced Threat Analytics announcement
-
Link
Here you can find discussions on Microsoft Advanced Threat Analytics or ask a question to the community.
For official product support, please contact Microsoft Customer and Services Support via http://support.microsoft.com .
For the latest product documentation, please check our TechNet library at: http://aka.ms/ata-technet
