Avatar of ncomper
ncomper
 asked on

Microsoft ATA (Advance Threat Analytics)

Afternoon all, im looking for a little advice on the Microsoft ATA solution. I have a client that has asked me to review the tool and implement it the network if appropriate. At present we have this in a Proof of Concept environment but i am having trouble getting anything to report back that is of any use (it notes new machines and users etc..)

Microsoft seem to have very little information on the tool and have not managed to come back with much useful information (they just keep providing web links to articles) we have the following setup in place at present:

Center Server: Virtual Server 2012 R2
Light Gateway: Virtual Server 2012 R2
Light Gateway: Azure Server 2012 R2
Light Gateway: Virtual Server 2008 R2

We have had limited feedback from the console on things that are happening within the network (but we did receive today on exposed credentials in clear text) so we know it is reporting things back. I wondered if anyone had used this before and could expand on the following:

  • How long is the learning period for the system
  • Will i be able to track access events (user/engineers accessing servers/shares they shouldnt
  • User account privileges (can i see if someone is given additional rights)
  • New administrator level account tracking

I would like to know how useful the system is in auditing the local network to offer feedback on potential security issues or will i need to review somthing like ManageEngine AdAudit?
* Threat Management Gateway (TMG)AzureSecurityMicrosoft Server Apps

Avatar of undefined
Last Comment
btan

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
btan

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23