External Systems Configuration Guide

Microsoft Advanced Threat Analytics (ATA) On Premise Platform

Support Added: FortiSIEM 6.3.1

Last Modification: FortiSIEM 6.3.1

Vendor Version Tested: Not Provided

Vendor: Microsoft

Product Information: https://docs.microsoft.com/en-us/advanced-threat-analytics/what-is-ata

Microsoft Advanced Threat Analytics (ATA) is an on-premises platform that helps protect enterprises from multiple types of advanced targeted cyber attacks and insider threats.

Log Information

Log Collection Method: Syslog

Purpose: Security and Compliance

Event Types

In ADMIN > Device Support > Event Types, search for "microsoft-ata" to see the event types associated with this device.

In FortiSIEM 6.3.1, there are 51 event types.

Rules

In RESOURCES > Rules, search for "microsoft ata" in the main content panel Search... field to see related rules associated with this device.

In FortiSIEM 6.3.1, there is 1 rule available.

  • Microsoft ATA Center: Security Alert Triggered

Reports

In RESOURCES > Reports, search for "microsoft ata" in the main content panel Search... field to see the reports associated with this device.

In FortiSIEM 6.3.1, there are 2 reports available.

  • Microsoft ATA (Advanced Threat Analytics) Center - Change Audit Events

  • Microsoft ATA (Advanced Threat Analytics) Center - Security Alerts
