lundi 9 mai 2016

[ATA] Microsoft Advanced Threat Analytics 1.6 is available!

Microsoft recently released Advanced Threat Analytics (ATA) 1.6.

The main new features are:
  • New detection mechanism like:
    • Net Session enumeration through SMB in order to discover the share with the GPOs and so the domain controllers
    • Malicious AD replications requests
    • Malicious DPAPI in order to steal the recovery keys that give access to the shared secrets protected by this key
  • Improvement of existing detection mechanism
  • A new Lightweight gateway role: if the gateway with the port mirroring prerequisite is to heavy it’s possible for small remote sites it’s now possible to deploy a small version of the gateway on the domain controller acting like an agent
  • Automated updates: it’s now possible to use Microsoft Update, SCCM or WSUS in order to deploy new behaviour algorithm, detection mechanism, new features and hotfixes
  • Improvement of performance
  • Reduction of storage requirement: this version use only 20% of storage space used by the previous version
  • Support of IBM QRadar SIEM

This version is available for download at the following address:
If you want to use the new technical documentation portal of Microsoft which replace TechNet, you could found the dedicated part for ATA is available at:

And as usual don't forget to read carefully how to upgrade to the last version your infrastructure and the known issues ;)

Aucun commentaire:

Enregistrer un commentaire