This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

No reported ATA suspicious activity

Question
0

Sign in to vote

Hello everyone,

I installed the ATA light gateway on 4 DCs. I successfully setup the smtp server for notifications and added my email address to receive health and suspicious activity alerts. I can search for any users in the ata center and see their recent activities. However, I don't see any reporting of suspicious activities in ATA center. I ran the nslookup ls -d domain command twice and it generated two ata suspicious alerts but when my coworkers ran the same command ata didn't report any suspicious activity for them. Any idea? your help would be greatly appreciated.

Tuesday, April 7, 2020 9:22 PM

All replies

0

Sign in to vote

Are those 4 DCs a 100% coverage for your network?

If your co workers are hitting another DC that is not monitored yet, ATA will be blind to it.

Tuesday, April 7, 2020 10:32 PM
0

Sign in to vote

Yes, those 4 DCs cover our entire network and my co workers are hitting the same DCs. I ran the nslookup ls -d domain a few more times again but they didn't generate anymore ATA alerts.

Tuesday, April 7, 2020 11:06 PM
0

Sign in to vote

Running those attakcs from the same computer again will update the existing SA , not create new ones.

Are the co workers attacking from the same machines as you did ?

Also, by any chance are those source machines running a DNS service ?

Thursday, April 9, 2020 8:57 PM
0

Sign in to vote

My coworkers are attacking from their own desktop PCs and none of those machines are DNS servers. The ATA server is also not a DNS server. I hope it answers your questions since I'm not sure what you mean by source machines.

Friday, April 10, 2020 8:47 PM
0

Sign in to vote

Any health alerts in the console ?

Friday, April 10, 2020 11:25 PM