Last week I went through an install of Microsoft Advanced Threat Analytics which requires Windows Server 2012 R2. While the ATA center can only be installed on Windows Server 2012 R2 or later, the lightweight gateway for the domain controller can be installed on Windows Server 2008 R2 or later.
For the domain controllers to report information, the lightweight gateway will have to be installed. Once the ATA console is opened, the download for the ATA lightweight gateway will be located in the ATA center.
The gateway will need to be installed on each domain controller. The setup doesn’t require the domain controller to be restarted. Once the gateway is installed, the domain controller will start reporting into the console.
Reporting in the console can be done by clicking the icon in the top right and download. Reports can also be generated on schedule if a mail server is added.
Reports are only one way to view suspicious activity. At the top of the page, a name or machine can be typed in to view any suspicious activity.
ATA can be a great tool to determine attacks in your environment that could possibly go undetected. Contact Windows Management Experts for more information on how ATA can assist in protecting your environment!
Disclaimer
All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.