
Microsoft ATA

Manjul Bhattarai
August 23, 2024 15:42

Release Details

Name: Microsoft ATA
Version: 5.1.0
Supported On: LogPoint v6.7.4 or later
Release Date: 2021-01-11
Document Date: 2021-01-11
Download: MicrosoftATA_5.1.0.pak
SHA256: bf030346c67e5811d424dec7cb64c0ecbb0a6bb5b391e8b85e2eed0a749e3f28

Package Details

The application consists of the following components:

1. Alert Packages

  • LP_Microsoft ATA_Pass the ticket
  • LP_Microsoft ATA_Suspicious replication of directory services
  • LP_Microsoft ATA_Database used by a Center is Down
  • LP_Microsoft ATA_Identity theft using Pass-the-Ticket attack
  • LP_Microsoft ATA_Malicious Data Protection Private Information Request
  • LP_Microsoft ATA_Pass-the-hash

2. Dashboard Package

  • LP_Microsoft ATA

3. Compiled Normalizer

  • MicrosoftATANormalizer

General Description

The Microsoft ATA application enables you to monitor and identify threats in your organization using data from Microsoft ATA. You can further analyze the data using alerts and pre-set dashboard views. 

Installation 

Follow these steps to install the Microsoft ATA v5.1.0 application:

  1. Download the Microsoft ATA package from the Download section above.
  2. Add Microsoft ATA as the required device in LogPoint.
  3. Create a collection policy with the Syslog collector and an appropriate processing policy. 
  4. Assign the policy to the device.
  5. Add the dashboard.

Supported Device

The Microsoft ATA application supports the following device in this configuration:

  • Microsoft ATA v1.x

Log Format

Device: Microsoft ATA v1.x

Expected Log Format: CEF

Log Sample:

CEF:0|Microsoft|ATA|1.9.0.0|AbnormalSensitiveGroupMembershipChangeSuspiciousActivity|Abnormal modification of sensitive groups|5|start=2020-1-12T18:52:58.0000000Z app=GroupMembershipChangeEvent suser=abc msg=abc has uncharacteristically modified sensitive group memberships. externalId=1234 cs1Label=url cs1=https://1.1.1.1/suspiciousActivity/xxxxxxxxxxxxx

To export data to LogPoint, use the Syslog collector on port 514 of the LogPoint server.
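
The CEF layout of the log sample above, shown as an added Python example that is not part of the Logpoint package or its MicrosoftATANormalizer: it splits the seven header fields, reads extension values that contain spaces (such as msg), and folds cs1Label/cs1 into a named field. The function names, output field names and label folding are choices of this example.

```python
import re

# The log sample from this page, embedded so the example runs offline.
SAMPLE = (
    "CEF:0|Microsoft|ATA|1.9.0.0|AbnormalSensitiveGroupMembershipChangeSuspiciousActivity|"
    "Abnormal modification of sensitive groups|5|start=2020-1-12T18:52:58.0000000Z "
    "app=GroupMembershipChangeEvent suser=abc msg=abc has uncharacteristically modified "
    "sensitive group memberships. externalId=1234 cs1Label=url "
    "cs1=https://1.1.1.1/suspiciousActivity/xxxxxxxxxxxxx"
)
HEADER = "cef_version vendor product device_version signature_id name severity".split()
FIELD_RE = re.compile(r"((?:\\.|[^|\\])*)\|")  # one header field; \| and \\ are escapes
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")         # a key starts the text or follows whitespace
ESC_RE = re.compile(r"\\(.)")                  # CEF escapes: \\ \= \| \n \r

def unescape(m):
    return {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1))

def split_header(text):
    parts, pos = [], 0
    while len(parts) < len(HEADER):
        m = FIELD_RE.match(text, pos)
        if not m:
            raise ValueError("truncated CEF header")
        parts.append(ESC_RE.sub(unescape, m.group(1)))
        pos = m.end()
    return parts, text[pos:]

def parse_extension(ext):
    # Values may contain spaces, so each value runs up to the next " key=".
    hits = list(KEY_RE.finditer(ext))
    ends = [h.start() for h in hits[1:]] + [len(ext)]
    return {h.group(1): ESC_RE.sub(unescape, ext[h.end():end].strip())
            for h, end in zip(hits, ends)}

def fold_labels(fields):  # cs1Label=url plus cs1=<value> becomes url=<value>
    out = dict(fields)
    for key, label in fields.items():
        if key.endswith("Label") and key[:-5] in out:
            out[label] = out.pop(key[:-5])
            del out[key]
    return out

def parse_cef(line):
    _, marker, rest = line.partition("CEF:")  # tolerate a syslog prefix
    if not marker:
        raise ValueError("no CEF header")
    header, ext = split_header(rest)
    return {**dict(zip(HEADER, header)), "extension": fold_labels(parse_extension(ext))}
```

Calling parse_cef(SAMPLE) returns a dict with the header fields at the top level and the key=value pairs under "extension".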

Support

If you have any queries or require assistance, please feel free to contact our support team:

Email: servicedesk@logpoint.com

Phone: +45 7060 6100

Best regards,
