Anybody deployed ATA to their domain controllers?

Ravi.Sabharanjak posted this 4 weeks ago

We have the Lightweight Gateway deployed; however, I don't see much value in the alerting it generates, with most being false positives. Are you finding any value?

jeremy.stump posted this 4 weeks ago

We do, but like you said, a lot of false positives. I guess we should be lucky we have put in place a lot of other security best practices from our vendors of choice to keep the bad stuff out and not see alerts we need to take action on :)


I think there is a benefit of leaving it running.


Jeremy Stump

(901) 227-8205


Mahesh posted this 4 weeks ago

I have deployed ATA on domain controllers a couple of times, two years back.
As far as my experience goes, it's a useless product, as you cannot justify alerts and even Microsoft does not have a proper explanation for those alerts.
Even customers ask numerous questions regarding alerts and you don't have a reasonable answer for their queries.

Best Regards


aut0pil0t posted this 4 weeks ago

We did and it generated a lot of valuable alerts. However, the version before the latest one of 1.9.2 was a bit buggy and it generated a lot of false positives. Therefore, make sure that you have the very latest ATA deployed.

On the same topic, we found that Azure ATP was more helpful than ATA, and the alerting criteria and the information included in them to perform investigations were better. The resource consumption of its sensors on the domain controllers was quite a bit less as well.

You'll need EMS E5 licenses for that though.

Kind regards,