
Microsoft Advanced Threat Analytics: How to configure


How can we make sure that our infrastructure is secure? Today, most attacks on organizations go undetected for months.

Microsoft Advanced Threat Analytics (ATA) helps identify breaches and threats using behavioral analysis, and provides a clear, actionable report on a simple attack timeline.

Microsoft Advanced Threat Analytics is an on-premises cyber-security product that detects advanced attacks using user and entity behavior analytics (UEBA). ATA combines machine learning, real-time detection based on attacker TTPs (tactics, techniques and procedures) and reporting of security issues to help reduce the attack surface.

How Advanced Threat Analytics (ATA) works


Step 1: Analyze

ATA uses a comprehensive technology stack to analyze all Active Directory traffic. It can also collect relevant events from a SIEM and other sources.

Step 2: Understanding the routine

ATA automatically starts learning the behavior of users, devices and resources, profiles them, and builds a map of entity interactions.

Step 3: Detecting

ATA identifies abnormal behavior and raises red flags when necessary.

Step 4:

ATA reports suspicious activities on a simple attack timeline, providing information about the users involved and recommendations for the next steps.

ATA's topology

The deployment process is simple and quick, but I still think it is important to understand the topology and the roles of the ATA Gateway and the ATA Center. In the diagram below, each Gateway analyzes the network traffic (deep packet inspection, DPI) of a different switch through port mirroring, receives events from the SIEM via a Syslog listener or directly from the domain controllers through Windows Event Forwarding (WEF), and then sends the relevant data to the Center for detection.




Microsoft ATA.

Configuring the Microsoft ATA Advanced Threat Analytics

Download the software from the Microsoft Advanced Threat Analytics page; after downloading, run the EXE.


Choose your preferred language and click Next.


Accept the license terms and click Next.



Now let's configure some parameters before continuing the installation:

  1. Choose the installation location.
  2. Select the IP address and port.
  3. Select automatic configuration of the certificate.

Then click Next.



Wait for the end of the installation.



After installation, click Launch.



Because we chose to create the certificate automatically during configuration, the browser warns that there is a problem with the certificate. Click Continue to this website.




Done. This is the ATA console; log in with the administrator account of your server.


After logging in to ATA, we configure the ATA Center.


Now add the following information: user, password and your domain (dominio.com.br), then click Save.


Done, your Gateway has been configured; now let's download the Gateway.


Extract the Gateway package and run the installer.



Choose your preferred language and click Next.


Now let's configure some parameters before continuing the installation:

  1. Choose the installation location.
  2. Select automatic configuration of the certificate.
  3. Enter the service user.

Then click Install.




Wait for the installation.


During installation, synchronization shows as pending.


After installation, click Launch.



Because we chose to create the certificate automatically during configuration, the browser warns that there is a problem with the certificate. Click Continue to this website.




Log in with the service user.


Now let's configure some parameters before finishing the setup:

  1. Add a description of your server.
  2. Add your Domain Controller.
  3. Select the certificate.
  4. Select the network card.

Then click Save.
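The Gateway configuration above asks for a domain controller, a certificate and the capture network card, and both installers produced a certificate warning in the browser that the tutorial simply clicks through. The script below is an added example, not part of the original tutorial or of ATA itself: it runs on the host that is about to become a Gateway and checks, before you fill in the form, that the Center's TLS certificate can be read and its thumbprint recorded for comparison (rather than accepted blind), that the domain controller answers on the LDAP port, and that the capture adapter exists and is up. The Center address, domain controller name and adapter name are assumptions for illustration and must be replaced with your own values.

```powershell
# Pre-flight checks for a host about to be configured as an ATA Gateway.
# Example added to this page; it is not part of the original tutorial or of ATA.
# The three values below are assumptions for illustration: replace them with
# your own Center address, domain controller and capture adapter name.
param(
    [string]$CenterUrl  = 'https://ata-center.dominio.com.br',
    [string]$DomainCtrl = 'dc01.dominio.com.br',
    [string]$CaptureNic = 'Ethernet 2'
)

function Get-RemoteCertificate {
    # Open a TLS session and hand back the certificate the server presents.
    # The validation callback returns $true only so the handshake completes;
    # nothing here trusts the certificate. The caller inspects it.
    param([string]$HostName, [int]$Port = 443)
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        $accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        return [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

$results = [System.Collections.Generic.List[object]]::new()

# 1. ATA Center certificate. The Center installer created it automatically, so the
#    browser warns. Record the thumbprint and compare it with the certificate on the
#    Center before accepting the warning.
$uri  = [Uri]$CenterUrl
$port = if ($uri.IsDefaultPort) { 443 } else { $uri.Port }
try {
    $cert = Get-RemoteCertificate -HostName $uri.Host -Port $port
    $selfSigned = ($cert.Subject -eq $cert.Issuer)
    $results.Add([pscustomobject]@{
        Check  = 'Center TLS certificate'
        Result = if ($cert.NotAfter -gt (Get-Date)) { 'OK' } else { 'EXPIRED' }
        Detail = "Subject=$($cert.Subject); Thumbprint=$($cert.Thumbprint); SelfSigned=$selfSigned; Expires=$($cert.NotAfter)"
    })
} catch {
    $results.Add([pscustomobject]@{ Check = 'Center TLS certificate'; Result = 'FAIL'; Detail = $_.Exception.Message })
}

# 2. Domain controller reachability over LDAP (TCP 389). The Gateway must reach the
#    domain controller you enter in its configuration page.
$dc = Test-NetConnection -ComputerName $DomainCtrl -Port 389 -WarningAction SilentlyContinue
$results.Add([pscustomobject]@{
    Check  = 'Domain controller LDAP (389)'
    Result = if ($dc.TcpTestSucceeded) { 'OK' } else { 'FAIL' }
    Detail = "Resolved=$($dc.RemoteAddress)"
})

# 3. Capture adapter. This is the network card selected in the Gateway configuration;
#    it must exist and be up. Whether the switch actually mirrors traffic to it can
#    only be confirmed on the switch, so that is noted rather than tested.
$nic = Get-NetAdapter -Name $CaptureNic -ErrorAction SilentlyContinue
$results.Add([pscustomobject]@{
    Check  = "Capture adapter '$CaptureNic'"
    Result = if ($nic -and $nic.Status -eq 'Up') { 'OK' } elseif ($nic) { 'DOWN' } else { 'MISSING' }
    Detail = if ($nic) { "MAC=$($nic.MacAddress); Speed=$($nic.LinkSpeed); port mirroring must be verified on the switch" } else { 'adapter not found' }
})

$results | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the Gateway host, for example `.\Test-AtaGatewayPrereqs.ps1 -CenterUrl https://<your-center> -DomainCtrl <your-dc> -CaptureNic '<adapter>'` (the script name is an assumption). The certificate check deliberately accepts any certificate during the handshake; it does not make the connection trusted, it only lets you read the thumbprint so the warning the tutorial clicks through can be verified against the Center instead of taken on faith.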



Wait until the synchronization finishes.


The environment is now configured; I'm going to do some research with my server.


ATA is now working in your organization.


This document was originally published at http://www.micheljatoba.com.br/2015/11/como-configurar-microsoft-advanced.html and has been reproduced here to allow the community to correct any inaccuracies or provide other improvements until the original version of this topic is updated.