akash1609

Microsoft ATA integration guide


please share Microsoft ATA integration guide

Thanks, Akash.

Accepted Solutions
stefan.oancea

Re: Microsoft ATA integration guide


Hello Akash,

I don't know if you are still following this post, but apparently ATA is now able to send CEF:

https://docs.microsoft.com/en-us/advanced-threat-analytics/cef-format-sa

I will soon try to integrate it and if you are still interested I can share my experience with you.

All the best,

Stefan

Gayan

Re: Microsoft ATA integration guide


There is no MS ATA guide.

Mr

pbrettle

Re: Microsoft ATA integration guide


Microsoft ATA is still very new and rarely seen in the field. In fact, I haven't come across it once yet. What I would say though is to take a look at what can be generated and what the options are.

I did find a link to their inbound log setup here:

Configure event collection in Advanced Threat Analytics | Microsoft Docs

which isn't what we want, but it should point out some of the options that are related. The issue with these newer products is that sending logs out usually isn't a v1 release feature. So chances are there isn't much. But if there is, please do take a look and let's see what we can do.

If you can take a look and see, please post some ideas and maybe some samples, so that we can work out what the options are and how we might look at integrating.

shezaf1

Re: Microsoft ATA integration guide


ATA supports Syslog (configure, select notifications). Per this discussion, ATA logs into the Windows Event Log, though I found no formal documentation. So Syslog or WiNC sub-parsers should do the trick.


akash1609

Re: Microsoft ATA integration guide


Hi Stefan,
This URL is helpful; they give sample CEF logs. But I am not able to find the integration methods. So we can use the syslog mechanism (Mr. shezaf1's suggestion)!

Thanks,

Akash
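As an added example, not code from any poster in this thread or from Microsoft, the following Python script parses CEF records of the kind the linked Microsoft page describes once they arrive over syslog, so a sub-parser or custom collector can be checked against sample lines before the real feed is connected. The sample line is constructed here to exercise the CEF escaping rules (`\|` inside a header field, `\=` inside an extension value); it is not copied from Microsoft's page and makes no claim about the exact fields ATA emits. The extension keys used (start, suser, shost, msg, cs1Label, cs1) are standard CEF extension names, the host name `ata.example.local` is made up, and mapping the word severities Low/Medium/High/Very-High to 0/4/7/9 (the bottom of each CEF severity band) is this example's own choice.

```python
"""Parse CEF records received over syslog (for example, alerts forwarded
from Microsoft ATA) into dictionaries and filter them by severity.

Added example; the SAMPLE line below is constructed for illustration and is
not taken from Microsoft's documentation or from any ATA deployment.
"""
import re

# Constructed sample: syslog PRI prefix followed by a CEF record.  The header
# name contains an escaped pipe and the msg value an escaped '='.
SAMPLE = (
    "<6>CEF:0|Microsoft|ATA|1.9.0.0|SuspiciousActivity|"
    "Pass-the-Ticket \\| replay|7|"
    "start=2018-12-12T18:52:58Z suser=jdoe shost=WS01 "
    "msg=Kerberos ticket reused from host\\=WS02 "
    "cs1Label=url cs1=https://ata.example.local/suspiciousActivity/42"
)

# Escape sequences defined by the CEF specification (backslash + character).
_ESCAPES = {"|": "|", "\\": "\\", "=": "=", "n": "\n", "r": "\r"}
# An extension key: start of string or whitespace, then the key, then '='.
# A '\=' inside a value never matches because the backslash breaks the key.
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")
_HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                  "device_version", "signature_id", "name", "severity")
# Word severities mapped to the lowest value of their CEF band (assumption).
_WORD_SEVERITY = {"low": 0, "medium": 4, "high": 7, "very-high": 9}


def _unescape(text):
    """Replace CEF escape sequences; unknown escapes are left untouched."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(0)), text)


def _split_header(cef):
    """Split the seven '|'-delimited header fields, honouring '\\|' and '\\\\'.

    Returns (fields, extension_string).  Raises ValueError if fewer than
    seven delimiters are present.
    """
    fields, buf, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef) and cef[i + 1] in "|\\":
            buf.append(cef[i + 1])      # escaped pipe or backslash
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))  # field boundary
            buf = []
            i += 1
            continue
        buf.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("malformed CEF header: expected 7 '|'-separated fields")
    return fields, cef[i:]


def _parse_extension(ext):
    """Turn 'k1=v1 k2=v2 ...' into a dict; values may contain spaces."""
    keys = list(_KEY.finditer(ext))
    out = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end])
    return out


def severity_to_int(sev):
    """Normalise a CEF severity (0-10 or Low/Medium/High/Very-High) to an int."""
    s = sev.strip()
    if s.isdigit() and 0 <= int(s) <= 10:
        return int(s)
    if s.lower() in _WORD_SEVERITY:
        return _WORD_SEVERITY[s.lower()]
    raise ValueError(f"invalid CEF severity: {sev!r}")


def parse_cef(line):
    """Parse one syslog line carrying a CEF record; anything before 'CEF:'
    (PRI, timestamp, host) is ignored.  Raises ValueError on malformed input."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF record found in line")
    fields, ext = _split_header(line[start:])
    record = dict(zip(_HEADER_FIELDS, fields))
    record["cef_version"] = record["cef_version"][len("CEF:"):]
    record["severity"] = severity_to_int(record["severity"])
    record["extensions"] = _parse_extension(ext)
    return record


def alerts_at_or_above(lines, threshold=7):
    """Parse each line, skip non-CEF or malformed ones, and keep records whose
    severity is at least `threshold` (7 is the bottom of CEF's High band)."""
    kept = []
    for line in lines:
        try:
            rec = parse_cef(line)
        except ValueError:
            continue
        if rec["severity"] >= threshold:
            kept.append(rec)
    return kept


if __name__ == "__main__":
    import json
    print(json.dumps(parse_cef(SAMPLE), indent=2))
```

Feeding real lines from the syslog receiver through `parse_cef` is a quick way to confirm that the header field count and the extension escaping match what the downstream parser expects; malformed lines are skipped by `alerts_at_or_above` rather than aborting the batch, which is the behaviour you want in a collector.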