This site uses cookies for analytics, personalized content and ads. By continuing to browse this site, you agree to this use. Learn more
  • TechNet
  • Products
  • IT Resources
  • Downloads
  • Training
  • Support
Products
  • Windows
  • Windows Server
  • System Center
  • Microsoft Edge
 
  • Office
  • Office 365
  • Exchange Server
 
  • SQL Server
  • SharePoint Products
  • Skype for Business
  • See all products »
Resources
  • Channel 9 Video
  • Evaluation Center
  • Learning Resources
  • Microsoft Tech Companion App
  • Microsoft Technical Communities
  • Microsoft Virtual Academy
  • Script Center
  • Server and Tools Blogs
  • TechNet Blogs
 
  • TechNet Flash Newsletter
  • TechNet Gallery
  • TechNet Library
  • TechNet Magazine
  • TechNet Wiki
  • Windows Sysinternals
  • Virtual Labs
Solutions
  • Networking
  • Cloud and Datacenter
  • Security
  • Virtualization
Updates
  • Service Packs
  • Security Bulletins
  • Windows Update
Trials
  • Windows Server 2016
  • System Center 2016
  • Windows 10 Enterprise
  • SQL Server 2016
  • See all trials »
Related Sites
  • Microsoft Download Center
  • Microsoft Evaluation Center
  • Drivers
  • Windows Sysinternals
  • TechNet Gallery
Training
  • Expert-led, virtual classes
  • Training Catalog
  • Class Locator
  • Microsoft Virtual Academy
  • Free Windows Server 2012 courses
  • Free Windows 8 courses
  • SQL Server training
  • Microsoft Official Courses On-Demand
Certifications
  • Certification overview
  • Special offers
  • MCSE Cloud Platform and Infrastructure
  • MCSE: Mobility
  • MCSE: Data Management and Analytics
  • MCSE Productivity
Other resources
  • Microsoft Events
  • Exam Replay
  • Born To Learn blog
  • Find technical communities in your area
  • Azure training
  • Official Practice Tests
Support options
  • For business
  • For developers
  • For IT professionals
  • For technical support
  • Support offerings
More support
  • Microsoft Premier Online
  • TechNet Forums
  • MSDN Forums
  • Security Bulletins & Advisories
Not an IT pro?
  • Microsoft Customer Support
  • Microsoft Community Forums
Security TechCenter
 
Sign in
United States (English)Drop down arrow
Brasil (Português)Česká republika (Čeština)Deutschland (Deutsch)España (Español)France (Français)Indonesia (Bahasa)Italia (Italiano)România (Română)Türkiye (Türkçe)Россия (Русский)ישראל (עברית)المملكة العربية السعودية (العربية)ไทย (ไทย)대한민국 (한국어)中国 (中文)台灣 (中文)日本 (日本語)
 
 
HomeSecurity BulletinsToolsLearnLibrarySupport
Ask a question
Quick access
  • Forums home
  • Browse forums users
  • FAQ
Announcement: 1

Microsoft Advanced Threat Analytics announcement

  • Link
    Welcome to Microsoft Advanced Threat Analytics forum
    ophirp Monday, May 4, 2015 2:52 PM

    Here you can find discussions on Microsoft Advanced Threat Analytics or ask a question to the community.

    For official product support, please contact Microsoft Customer and Services Support via http://support.microsoft.com .

    For the latest product documentation, please check our TechNet library at: http://aka.ms/ata-technet

  • Remove From My Forums

Forums [ view all ]

Selected forums

Clear
Microsoft Advanced Threat Analytics
x
Filter : All threads
All threads
Answered
Unanswered
Proposed answers
General discussion

No replies
Helpful
Has code

All languages
Sort : Most recent post
  • Most recent post
  • Most recent thread
  • Total votes
  • Total replies
  • large check mark
    0 Votes

    Will the DNS Recon alert be triggered if forwarders are used?

    Security
     > 
    Microsoft Advanced Threat Analytics
    Hello,  I setup ATA 1.9 in my dev environment recently.  I'm going through the attack playbook and triggering alerts. For the DNS Recon alert that is ...
    Unanswered | 1 Replies | 38 Views | Created by netdiag - Thursday, February 21, 2019 5:15 PM | Last reply by Eli Ofek - 23 hours 12 minutes ago
  • large check mark
    0 Votes

    ATA Gateway PostAsync failed / Could not create SSL/TLS secure channel

    Security
     > 
    Microsoft Advanced Threat Analytics
    I wanted to post my findings as this was a solution to an issue I experienced that I could not find a resolution to online related to this issue.  The ATA Gateway (normal and Lightweight) would ...
    Discussion | 0 Replies | 25 Views | Created by brentil - Wednesday, February 20, 2019 4:29 PM
  • large check mark
    0 Votes

    AES and DES

    Security
     > 
    Microsoft Advanced Threat Analytics
    Dear  i need to know the mathematical function for both AES " advance Encryption Standard" and DES "  Data Encryption ...
    Unanswered | 1 Replies | 41 Views | Created by Muhannad Tahboush - Tuesday, February 19, 2019 5:46 PM | Last reply by Andy Liu50 - Wednesday, February 20, 2019 7:25 AM
  • large check mark
    0 Votes

    Digitally Sign and / or Encrypt ATA Reports

    Security
     > 
    Microsoft Advanced Threat Analytics
    Can you please advise if there is a method to digitally sign or encrypt ATA reports sent to email recipients? Thank you
    Proposed | 1 Replies | 85 Views | Created by Securitt - Wednesday, February 13, 2019 7:16 PM | Last reply by Eli Ofek - Thursday, February 14, 2019 12:12 AM
  • large check mark
    1 Votes

    Non-existing account attempted logon from Unresolved computer account

    Security
     > 
    Microsoft Advanced Threat Analytics
    Hi  I have activities where user logons that are non existent in our domain tries to logon from a computer account that is unresolved.  I have checked ...
    Unanswered | 3 Replies | 295 Views | Created by Peter Samuelsson - Wednesday, October 24, 2018 11:03 AM | Last reply by bpfoley451 - Wednesday, February 13, 2019 7:41 PM
  • large check mark
    0 Votes

    Variable String API

    Security
     > 
    Microsoft Advanced Threat Analytics
    Is there a way to pass a variable string to the ATA Center Console? For instance if an ATA event in a SIEM passed an integration command that contained a ...
    Answered | 2 Replies | 134 Views | Created by Securitt - Wednesday, January 30, 2019 2:48 PM | Last reply by Securitt - Wednesday, February 13, 2019 7:23 PM
  • large check mark
    0 Votes

    User Profile / account activities details

    Security
     > 
    Microsoft Advanced Threat Analytics
    We have ATA implemented recently, I would like to know to what level ATA can provide user account activities details under user profile. Scenario - 2 days ago Monica's account ...
    Answered | 3 Replies | 148 Views | Created by Bharath Kumar S.M - Wednesday, February 6, 2019 2:40 AM | Last reply by Bharath Kumar S.M - Tuesday, February 12, 2019 3:08 AM
  • large check mark
    0 Votes

    Teamed NIC on ATA Center and now Gateways are not receiving DC traffic

    Security
     > 
    Microsoft Advanced Threat Analytics
    I was recently required to team two NICs on the ATA Center server using Windows Server OS teaming.  After teaming the NICs the health report had entries that neither of my Gateway servers were ...
    Unanswered | 3 Replies | 127 Views | Created by jship - Monday, February 11, 2019 6:38 PM | Last reply by Eli Ofek - Monday, February 11, 2019 10:10 PM
  • large check mark
    0 Votes

    Lightweight Gateway installation fails on only two Domain Controllers on same site.

    Security
     > 
    Microsoft Advanced Threat Analytics
    System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IdentityModel.Tokens.SecurityTokenValidationException: Failed to ...
    Answered | 5 Replies | 187 Views | Created by Choll152 - Thursday, January 24, 2019 4:13 PM | Last reply by Choll152 - Monday, February 11, 2019 10:12 AM
  • large check mark
    0 Votes

    Create new certificate for the ATA Center

    Security
     > 
    Microsoft Advanced Threat Analytics
    Hi, Kindly need your help how to create new certificate for the ATA Center (step by step) as we are receiving the below alert in ...
    Answered | 1 Replies | 118 Views | Created by AhmadJY - Sunday, February 10, 2019 2:54 PM | Last reply by Eli Ofek - Sunday, February 10, 2019 4:23 PM
  • large check mark
    0 Votes

    All ATA Events Forwarded to SIEM

    Security
     > 
    Microsoft Advanced Threat Analytics
    Is it possible to forward All ATA console events to the notifications for SIEM via syslog ? We are sending events to the SIEM via syslog, but only alerts are ...
    Answered | 2 Replies | 140 Views | Created by Securitt - Thursday, February 7, 2019 9:50 PM | Last reply by Eli Ofek - Friday, February 8, 2019 10:54 PM
  • large check mark
    0 Votes

    Different Alerts are trigerred time to time

    Security
     > 
    Microsoft Advanced Threat Analytics
    We are new to ATA 1.9 so don't know how to remediate alerts what action needs to be done against alerts , so here is a request anybody can refer us the guidance or links so that we ...
    Unanswered | 1 Replies | 99 Views | Created by Safwan syed - Wednesday, February 6, 2019 9:57 AM | Last reply by Andy Liu50 - Thursday, February 7, 2019 5:29 AM
  • large check mark
    0 Votes

    Abnormal behavior - CIFS listed as service type in ATA but the host doesn't have that service listed in servicePrincipalName attribute

    Security
     > 
    Microsoft Advanced Threat Analytics
    We periodically get "Suspicion of identity theft based on abnormal behavior" alerts where a user is requesting CIFS access for nearby PCs. The "CIFS" string is ...
    Unanswered | 2 Replies | 144 Views | Created by H Kelley - Friday, February 1, 2019 5:36 PM | Last reply by H Kelley - Wednesday, February 6, 2019 2:37 AM
  • large check mark
    0 Votes

    Inconsistency For Alert Generation (Malicious Replication of Directory Services) ATA v1.9.1

    Security
     > 
    Microsoft Advanced Threat Analytics
    I'm currently testing the workflow we've set up as a response to Malicious Replication of Directory Services detection but ATA doesn't generate the alert consistently.  Specifically I'm seeing ...
    Unanswered | 4 Replies | 156 Views | Created by cyddavis - Thursday, January 31, 2019 6:34 PM | Last reply by cyddavis - Tuesday, February 5, 2019 1:32 PM
  • large check mark
    0 Votes

    Windows Defender is blocked by Group Policy

    Security
     > 
    Microsoft Advanced Threat Analytics
    Hello Dear people, I have a pop-up and it written "Windows Defender is blocked by Group Policy". What is this? Please help. Marry
    Unanswered | 2 Replies | 253 Views | Created by Marry55 - Tuesday, December 11, 2018 11:15 PM | Last reply by Marry55 - Monday, February 4, 2019 9:31 AM
  • large check mark
    0 Votes

    Microsoft ATA RESTful API

    Security
     > 
    Microsoft Advanced Threat Analytics
    Is there any RESTful API available for Micrsoft ATA??
    Unanswered | 2 Replies | 137 Views | Created by rovish2204 - Thursday, January 31, 2019 11:17 AM | Last reply by H Kelley - Friday, February 1, 2019 5:19 PM
  • large check mark
    0 Votes

    ATA - Dual Factor Authentication

    Security
     > 
    Microsoft Advanced Threat Analytics
    Is there a way to integrate dual factor authentication with the ATA center? Such as Smart Card authentication, or RSA Token authentication in addition to the active directory single ...
    Unanswered | 1 Replies | 138 Views | Created by Securitt - Wednesday, January 30, 2019 2:19 PM | Last reply by Andy Liu50 - Thursday, January 31, 2019 6:43 AM
  • large check mark
    0 Votes

    Computer/User view page refreshes every 5s

    Security
     > 
    Microsoft Advanced Threat Analytics
    When I click on a computer or user object to view its timeline, whether it was involved in a suspicious activity or not, the page keeps refreshing every 5s thus not allowing me to perform an ...
    Unanswered | 11 Replies | 589 Views | Created by J0A0 PAUL0 - Monday, June 11, 2018 2:07 PM | Last reply by Spd-demon - Wednesday, January 30, 2019 9:27 PM
  • large check mark
    0 Votes

    ATA and DNS Traffic

    Security
     > 
    Microsoft Advanced Threat Analytics
    We do not use AD for our DNS server.  Do we need to SPAN or TAP our DNS servers?  We don't care about zone transfers as we have this locked down and get these alerts via other means.  ...
    Unanswered | 1 Replies | 140 Views | Created by mcglynn1 - Wednesday, January 30, 2019 6:22 PM | Last reply by Eli Ofek - Wednesday, January 30, 2019 7:10 PM
  • large check mark
    0 Votes

    False pass-the-hash when Citrix pass-through authentication in use

    Security
     > 
    Microsoft Advanced Threat Analytics
    I have recently installed ATA (1.8.6645.28499). It is now in to the second week of its learning phase and it is raising a considerable number of false pass-the-hash alerts when users initiate ...
    Unanswered | 5 Replies | 694 Views | Created by RichardATA - Wednesday, December 20, 2017 10:14 AM | Last reply by RichardATA - Wednesday, January 30, 2019 2:53 PM
  • Items 1 to 20 of 1050 Next ›
Announcement: 1

Microsoft Advanced Threat Analytics announcement

  • Link
    Welcome to Microsoft Advanced Threat Analytics forum
    ophirp Monday, May 4, 2015 2:52 PM

    Here you can find discussions on Microsoft Advanced Threat Analytics or ask a question to the community.

    For official product support, please contact Microsoft Customer and Services Support via http://support.microsoft.com .

    For the latest product documentation, please check our TechNet library at: http://aka.ms/ata-technet

 
© 2019 Microsoft. All rights reserved.
Newsletter|Contact Us|Privacy Statement|Terms of Use|Trademarks|Site Feedback