Posts Tagged ‘ATA’

Microsoft Advanced Threat Analytics (ATA) 1.9

Description of Microsoft Advanced Threat Analytics v1.9

What is Advanced Threat Analytics?

Microsoft Advanced Threat Analytics:

ATA architecture topology diagram

Deploying the ATA Lightweight Gateway directly on your domain controllers removes the requirement for port mirroring.

A minimum of 30 days of data is recommended for the ATA Center's user behavioral analytics.

ATA Components

ATA consists of the following components:

  • ATA Center
    The ATA Center receives data from any ATA Gateways and/or ATA Lightweight Gateways you deploy.
  • ATA Gateway
    The ATA Gateway is installed on a dedicated server that monitors the traffic from your domain controllers using either port mirroring or a network TAP.
  • ATA Lightweight Gateway
    The ATA Lightweight Gateway is installed directly on your domain controllers and monitors their traffic directly, without the need for a dedicated server or configuration of port mirroring. It is an alternative to the ATA Gateway.

An ATA deployment can consist of a single ATA Center connected to all ATA Gateways, all ATA Lightweight Gateways, or a combination of ATA Gateways and ATA Lightweight Gateways.

Microsoft Advanced Threat Analytics Sizing tool – Version 3.7.0

ATA: Recorded security event log events

To enhance detection capabilities, ATA needs the following Windows events: 4776, 4732, 4733, 4728, 4729, 4756, 4757.

For ATA versions 1.8 and higher, event collection configuration is no longer necessary for ATA Lightweight Gateways. The ATA Lightweight Gateway can now read events locally, without the need to configure event forwarding.
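The following is an added example, not code from the original post or from Microsoft: a PowerShell check that a domain controller is actually auditing and logging the seven event IDs listed above. It assumes an elevated session on the domain controller and English-language `auditpol` output; the mapping of event IDs to audit subcategories is general Windows audit-policy knowledge, not something stated on this page.

```powershell
# Added example. Run elevated on a domain controller.
# Event IDs come from the list above; each maps to the advanced audit policy
# subcategory that generates it (assumption: English-language OS).
$ataEvents = @{
    4776 = 'Credential Validation'      # DC validated credentials (NTLM)
    4728 = 'Security Group Management'  # member added to a global security group
    4729 = 'Security Group Management'  # member removed from a global security group
    4732 = 'Security Group Management'  # member added to a local security group
    4733 = 'Security Group Management'  # member removed from a local security group
    4756 = 'Security Group Management'  # member added to a universal security group
    4757 = 'Security Group Management'  # member removed from a universal security group
}

# 1) Effective audit policy for the subcategories behind those events.
#    'auditpol /r' emits CSV; blank lines are dropped before parsing.
$policy = auditpol /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv
foreach ($sub in ($ataEvents.Values | Sort-Object -Unique)) {
    $row     = $policy | Where-Object { $_.Subcategory -eq $sub }
    $setting = if ($row) { $row.'Inclusion Setting' } else { 'not found' }
    if ($setting -in 'No Auditing', 'not found') {
        Write-Warning "$sub : $setting (the events above will not be generated)"
    } else {
        Write-Output "$sub : $setting"
    }
}

# 2) How many of each event the Security log recorded in the last 24 hours.
#    A count of 0 for a group-change event can simply mean no group changed.
$filter = @{
    LogName   = 'Security'
    Id        = [int[]]@($ataEvents.Keys)
    StartTime = (Get-Date).AddDays(-1)
}
$groups = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Group-Object -Property Id

foreach ($id in ($ataEvents.Keys | Sort-Object)) {
    $hit = $groups | Where-Object { $_.Name -eq "$id" }
    [pscustomobject]@{
        EventId     = $id
        Subcategory = $ataEvents[$id]
        Last24h     = if ($hit) { $hit.Count } else { 0 }
    }
}
```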


ATA Auditing (AuditPol, Advanced Audit Settings Enforcement, Lightweight Gateway Service discovery):

Introducing Microsoft Advanced Threat Analytics v1.8!

What’s new in Windows Defender ATP Fall Creators Update

Microsoft Advanced Threat Analytics support in OMS Security

Automate Advanced Threat Analytics Lightweight Gateway deployment with Powershell

Ransomware lateral movement, and how Microsoft Advanced Threat Analytics can help (ATA)