Anybody deployed ATA to their domain controllers?

  • Last Post 01 June 2019
Ravi.Sabharanjak posted this 31 May 2019

We have the light weight gateway deployed, however I dont see much value in the alerting it generates, with most being false positives. Are you finding any value?

Order By: Standard | Newest | Votes
jeremy.stump posted this 31 May 2019

We do but like you said a lot of false positives. I guess we should be lucky we have put in place a lot of other security best practices from our vendors of choice

to keep the bad stuff out and not see alerts we need to take action on J


I think there is a benefit of leaving it running.


Jeremy Stump

(901) 227-8205


Mahesh posted this 31 May 2019

I have deployed ATA on domain controllers couple of times two years back
As far as my experience, its useless product as you cannot justify alerts and even Microsoft do not have proper explanation for those alerts
Even customers ask numerous question regarding alerts and you don't have reasonable answer for their queries
Best Regards


aut0pil0t posted this 01 June 2019

We did and it generated a lot of valuable alerts. However, the version before the latest one of 1.9.2 was a bit buggy and it generated a lot of false positives. Therefore, make sure that you have the very latest ATA deployed.

On the same topic, we found that Azure ATP was more helpful than ATA, and the alerting criteria and information included in them to perform investigations was better. The resource consumption of its sensors on the domain controllers were quite less as well.

You'll need EMS E5 licenses for that though.

Kind regards,