Microsoft Advanced Threat Analytics Center service not starting

Q: Microsoft Advanced Threat Analytics Center service not starting

Hello,

After 3 reinstallations, I am not able to start the Microsoft Advanced Threat Analytics Center service. I have the following error in my log file:

System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:27017


The MongoDB service is running, but the ATA Center service does not work. I have completely uninstalled the ATA Center and reinstalled all gateways, but a few minutes later I have the same issue, and in the web console the configuration regarding the ATA Center disappears...
I have the latest version, 1.8 update 1.
Do you have any idea?
Thank you in advance.


Microsoft Advanced Threat Analytics Center and gateway service not starting.
Windows could not start the Microsoft Advanced Threat Analytics Center and gateway service on the local computer
Showing error 1067: The process terminated unexpectedly.


Hi There,

After making the changes as per below url, I am not able to start Microsoft Advanced Threat Analytics Center service.
https://technet.microsoft.com/en-us/library/mt348975.aspx

Log file says "Illegal characters in path."
Cheers,
Narayan


We added a third VNIC to our instance inside a UCS chassis. I'm beginning to think that our DC Ops guys may not have shut down the server gracefully. Upon restart the service would not start.
The Microsoft.Tri.Center-Errors.log repeats the same error over and over:

2017-04-18 10:54:24.9832 5008 5   00000000-0000-0000-0000-000000000000 Error [DateTimeParse] System.FormatException: String was not recognized as a valid DateTime.
   at System.DateTimeParse.ParseExact(String s, String format, DateTimeFormatInfo dtfi, DateTimeStyles style)
   at Microsoft.Tri.Center.Common.TimedBloomFilter`1.Load(String path)
   at Microsoft.Tri.Center.Processing.NetworkActivityProcessor.<OnInitializeAsync>d__35.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Tri.Infrastructure.Framework.ModuleManager.&l...


After the upgrade to 1.7, the Microsoft Advanced Threat Analytics Center service won't start.
We get error event ID 7031:

The Microsoft Advanced Threat Analytics Center service terminated unexpectedly.  It has done this 12950 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
Need help.


Hello,
I am trying to setup ATA and the server that we are installing the ATA Center on has a system log filled with these messages:
"The Microsoft Advanced Threat Analytics Center service terminated unexpectedly.  It has done this 274 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service."
There does not seem to be anything else in the event logs that indicate why this is happening.  This is a Windows Server 2012 R2 machine that was freshly installed.
Any thoughts on what I can do to troubleshoot this?
Thanks,
Matt


Hi,
I'm running MS ATA 1.9.7312.32791 and haven't had any issues for close to two years.
I noticed yesterday that I didn't receive my daily emails from MS ATA so this morning I checked the ATA server and my event log is full of this message:
The Microsoft Advanced Threat Analytics Center service terminated unexpectedly.  It has done this 14 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
I went and checked the log files and in the Errors log file I see this message logged over and over:
Error [CertificateExtension] Microsoft.Tri.Infrastructure.Utils.ExtendedException: There are no matching certificates [StoreLocation=LocalMachine StoreName=My thumbprint=660CXXXXXX]
So I checked the certificates on the server and I can't find a certificate with the thumbprint of 660CXXXXXX.
If I look in MMC, I do see the certificate for the server, and it shows that it was recently renewed (probably automatically through Active Directory).
I can't access the ATA website on the server to specify the new certificate.
How can I fix this?  Do I need to re-install ATA?  If I re-install, will I lose all the information that has already been collected?
Thanks in advance,
Nick


Hello. I installed Microsoft ATA Console and Microsoft ATA Gateway on a fresh 2012 R2 server with all updates preinstalled.
Here settings



Here errors
Microsoft.Tri.Gateway-Resolution

2015-10-29 02:44:56.9991 2460 5 00000000-0000-0000-0000-000000000000 Debug [NetworkNameResolver] Initialized
2015-10-29 02:44:57.0181 2460 5 00000000-0000-0000-0000-000000000000 Debug [DirectoryServicesClient] Initialized
2015-10-29 02:44:57.0341 2460 5 00000000-0000-0000-0000-000000000000 Debug [DirectoryServicesResolver] Initialized
2015-10-29 02:44:57.0511 2460 5 00000000-0000-0000-0000-000000000000 Debug [EntityResolver] Initialized
2015-10-29 02:44:58.4401 2460 5 11ab8557-9725-452e-a456-582d511db311 Debug [NetworkNameResolver] Starting
2015-10-29 02:44:58.5181 2460 5 11ab8557-9725-452e-a456-582d511db311 Debug [NetworkNameResolver] Started
2015-10-29 02:44:58.5181 2460 5 11ab8557-9725-452e-a456-582d511db311 Debug [DirectoryServicesClient] Starting
2015-10-29 02:44:58.5971 2460 5 11ab8557-9725-452e-a456-582d511db311 Error [DirectoryServicesClient] Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=dc1.domail.local] ---> System.DirectoryServices.Protocols.LdapException: ????????? ????????? ??????.
? System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
? Microsoft.Tri.Gateway.Resolution.DirectoryServicesC...


Hi
We have ATA deployed as follows:
Version 1.9.7478.57683 (latest)
On a Hyper-V VM; both host and guest are W2K12R2 with the latest updates and patches installed.

On the Server Manager page, Microsoft ATA Gateway keeps showing start pending, and when I check Event Viewer it shows error 7031 in the System section:
The Microsoft Advanced Threat Analytics Gateway service terminated unexpectedly.  It has done this 256 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
We used the Lightweight Gateway deployment on 4 Domain Controllers; all are the same version, which is 1.9.7478.57683. Service status shows running and they are fine.
At C:\Program Files\Microsoft Advanced Threat Analytics\Center\Logs the logs show as follows:
Microsoft.Tri.Center-Errors
2019-04-14 09:26:29.3902 2540 433 Error [ExceptionFilterStream] System.IO.IOException ---> System.Net.HttpListenerException: An operation was attempted on a nonexistent network connection
   at System.Net.HttpResponseStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at Microsoft.Owin.Host.HttpListener.RequestProcessing.ExceptionFilterStream.Write(Byte[] buffer, Int32 offset, Int32 count)
   --- End of inner exception stack trace ---
   at Microsoft.Owin.Host.HttpListener.RequestProcessing.ExceptionFilterStream.Write(Byte[] buffer, Int32 offset, Int32 count)
   at async Microsoft.Tri.Common.Management.AppBuilderExtension.<>c...


The ATA Gateway service keeps restarting and I get the following in the log:
2015-05-12 10:24:48.8296 1340 5   28ddf5ea-a0e2-4f69-9d2e-2c8b6a0d3a10 Debug [DirectoryServicesClient] Starting

2015-05-12 10:24:49.0640 1340 14  28ddf5ea-a0e2-4f69-9d2e-2c8b6a0d3a10 Warn  [DirectoryServicesClient] LDAP search failed [DomainControllerDnsName=XXX.dk BaseDistinguishedName=CN=Sites,CN=Configuration,DC=XXX,DC=dk Scope=Subtree Filter=(&(objectClass=server)(dnsHostName=XXX.dk))
AttributeNames=canonicalName objectClass whenCreated displayName distinguishedName objectGUID isDeleted name objectSID whenChanged dnsHostName serverReference Options=NoResultsWarning]

2015-05-12 10:24:49.0640 1340 5   00000000-0000-0000-0000-000000000000 Error [DirectoryServicesClient]  System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.OnStart()
   at Microsoft.Common.Framework.Module.Start()
   at Microsoft.Common.Framework.ModuleManager.OnStart()
   at Microsoft.Common.Framework.Service.<>c__DisplayClass2.<OnStart>b__0()
   at Microsoft.Common.Utils.ExceptionHandler.<>c__DisplayClass1.<Run>b__0()
   at Microsoft.Common.Utils.ExceptionHandler.Run[TResult](Func`1 function, Boolean shouldRethrow)

A: The Microsoft Advanced Threat Analytics Gateway service terminated unexpectedly

Oh, I forgot to put the entire FQDN name of the Domain Controller I was monitoring in the Port Mirrored Domain Controllers (FQDN).


We are getting below error on Lightweight Gateway server repeatedly. Can anyone help on this?
Log Name:      System
Source:        Service Control Manager
Date:          7/30/2020 4:38:56 AM
Event ID:      7031
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Server.domain.net
Description:
The Microsoft Advanced Threat Analytics Gateway service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.


Hi all,
We're trying to build a Microsoft ATA lab (Version 1.4.2457.4623) in our environment. We have followed the guideline from TechNet, and we found out that after our installation the Microsoft ATA services were unable to start. Below is the error shown in the log file.

2015-09-11 02:33:30.3302 2936 5   fccebc4e-d3b1-4199-8725-04a17f352fa0 Error [DirectoryServicesClient] Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=enfraad01.enfrasys.com] ---> System.DirectoryServices.Protocols.LdapException:
The supplied credential is invalid.
The services were set to run as Local System. I've tried to put in my domain admin credentials, but still no luck.

Any help would be very appreciated.

Thanks in advance.


Thanks to any and everyone taking time to read this request.

Our security team had some configuration questions that I have not been able to answer.


Is there a way to convert ATAC from UTC to EST when it comes to reporting? Converting the time signatures is resource draining for them.
Can the threshold for brute force attack reports be raised?
These are two of what I am sure will be many more deep custom questions. Is there a method to configure these types of things?



Thanks in advance!


Has anyone heard about this technology?
Advanced Threat Analytics | Microsoft
 

A:Microsoft Advanced Threat Analytics (ATA). Have you used it?

This is an Enterprise solution. Microsoft bought out a startup late last year (Aorato) which focused on Active Directory Security. Essentially it is supposed to protect from attacks from within (like a cleaning man downloading the US Army's plan to firebomb Toronto) as well as without (like foiling stuff like pass-the-hash hacks).

It's really curious that Microsoft chose Aorato to buy; they (Aorato) published a paper in the middle of last year stating that Microsoft's Active Directory had a serious flaw; turns out that the report was totally false as the potential vulnerability was known for years and really had nothing to do with the implementation of AD. It also required a number of things to be in place that weren't really feasible.

But to answer your question, ATA isn't for the home user.
 


Hello All... I am new to Microsoft Advanced Threat Analytics and would appreciate it if someone could give a brief account of what it is, what it does and how it can help business.

Thanks in advance.


Hi, Guys.
How to use Microsoft Advanced Threat Analytics? And its setup? And how to address suspicious activities being detected via ATA?
Thank you.


We have Microsoft Advanced Threat Analytics v1.7 and started the upgrade process to v1.8. The estimated time for the full upgrade was supposed to be 13 hours, and now it's over 24 hours and the upgrade is still in progress and the ATA services are offline. Any ideas?


Hi! After some failure I tried to restore my ATA server from a snapshot, but the MongoDB service won't start at all. In Services, a 1067 error appears, and in cmd it cannot be repaired; it fails with this:
C:\Program Files\Microsoft Advanced Threat Analytics\Center\MongoDB\bin>mongod --dbpath "C:\Program Files\Microsoft Advanced Threat Analytics\Center\MongoDB\bin\data" --repair
2017-11-22T17:59:46.325+0300 I CONTROL  [initandlisten] MongoDB starting : pid=3860 port=27017 dbpath=C:\Program Files\Microsoft Advanced Threat Analytics\Center\MongoDB\bin\data 64-bit host=MSK02MATA01
2017-11-22T17:59:46.326+0300 I CONTROL  [initandlisten] targetMinOS: Windows 7/Windows Server 2008 R2
2017-11-22T17:59:46.326+0300 I CONTROL  [initandlisten] db version v3.4.2
2017-11-22T17:59:46.326+0300 I CONTROL  [initandlisten] git version: 3f76e40c105fc223b3e5aac3e20dcd026b83b38b
2017-11-22T17:59:46.326+0300 I CONTROL  [initandlisten] allocator: tcmalloc
2017-11-22T17:59:46.326+0300 I CONTROL  [initandlisten] modules: none
2017-11-22T17:59:46.326+0300 I CONTROL  [initandlisten] build environment:
2017-11-22T17:59:46.326+0300 I CONTROL  [initandlisten]     distmod: 2008plus
2017-11-22T17:59:46.327+0300 I CONTROL  [initandlisten]     distarch: x86_64
2017-11-22T17:59:46.327+0300 I CONTROL  [initandlisten]     target_arch: x86_64
2017-11-2...


Hello,
I am doing a laboratory with Microsoft ATA and I have a question: how many DCs or File Servers can attach to one Gateway?
Thanks.


Is Microsoft Advanced Threat Analytics download for home users?


I upgraded to Microsoft Advanced Threat Analytics 1.7. Now when I attempt to open the console, I get "Page cannot be displayed".  Additionally, in IIS the Microsoft ATA App Pool is gone, as well as the ATA website.  The system shows ATA 1.7 as being installed, the services all start, but everything in IIS is missing...  HELP please!


Hello,
I'm trying to install Microsoft ATA in a VMware ESXi 5.5 environment.
My test lab contains 2 DCs (2008 R2), 1 Microsoft ATA Center server (2012 R2) and 1 Microsoft ATA Gateway server (2012 R2). The Center server has been successfully installed.
Now I'm stuck on the gateway installation. My Windows 2012 R2 server has all the latest Microsoft updates. When I validate the installation (after the path, autosigned certificate and credentials options), the setup crashes with the following problem signature:
Microsoft Advanced Threat Analytics Gateway has stopped working :
Problem Event Name : CLR20r3

Application Name : Microsoft ATA Gateway Setup.exe

Application Version : 1.4.2457.4623

Application Timestamp : 548629eb

Fault Module Name : mscorlib

Fault Module Version : 4.0.30319.34014

Fault Module Timestamp : 52e0b679

Exception offset : 451e

Problem Signature : Ce

Problem Signature : System.IO.FileNotFoundException

OS Version : 6.3.9600.2.0.0.272.7

Locale ID : 1036

In the Application logs, I have two errors related to this crash : 
- .Net Runtime events 1026, Framework v4.0.30319, System.IO.FileNotFoundException, Microsoft.Tri.Deployement.UI.Application.BootstrapperApplication.....
- Application error events 1000, Microsoft ATA Gateway Setup.exe, version 1.4.2457.4623, fault module KERNELBASE.dll

Any help would be very appreciated.
Thanks in advance.
 


I have 3 DCs running the lightweight gateway. The console is running on another server. The console emails all alerts to me.  Most of the time the time is correct on the emailed alerts, but on a lot of occasions the time is way off. 
For example, the emailed alert today said that the lightweight gateway has stopped communicating.  Then it states "Last communication was on 8/9/2016 at 4:40:50 PM".  I received this alert at 12:15 on 8/9/2016.  I checked the times and time zones on the 3 DCs and the console.  They are all correct.  So where is it getting the time from?  Or is this just a bug that hasn't been worked out yet?


Hi, Guys.
If we get the following suspicious activities detected by ATA, what practical action plans, checks, investigation, etc. (i.e. based on experiences) that could be done on top of https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide
to determine if the detection is true positive, benign true positive or false positive?
1) Honeytoken activity
2) Suspicion of identity theft based on abnormal behaviour
3) Unusual protocol implementation
4) Suspicious authentication failures
5) Identity theft using Pass-the-Hash attack
6) Reconnaissance using Directory Services queries
7) Reconnaissance using account enumeration
8) Encryption downgrade activity

Thank you.


The Microsoft Advanced Threat Analytics Management Pack published Oct 3, 2017 isn't for ATA 1.9.  I can't find an MP for 1.9.  Is one even out yet?  If so, where can I find it that search algorithms cannot?  If not, when will it be available?
Sincerely, 

"I need that management pack."


Hi All,
Can anyone please help me with the query below?

Does Microsoft Advanced Threat Analytics have any Generation of Core Checklist and Role Based Access?
Thanks

Balaj Kaliyamoorthy


We have ATA (Version 1.9.7312.32791) and Lightweight Gateways on Domain Controllers. NPS is running on this DC.
How to collect VPN accounting to ATA? What IP address needs to be used for "Remote RADIUS server group"?
C:\Windows\system32>netstat -a | FINDSTR 1813
  UDP    0.0.0.0:1813           *:*
  UDP    1XX.XX.0.64:1813       *:*


I'm looking for information about threat Analytics, is there any material on RTG?


Hi,
I am looking for Step by step Use/Operations Documents for ATA.
I just installed ATA Center and Gateway Server and I want to know how to use all the features of ATA and how to demonstrate this to a customer.


Shailendra Dev


When is the next version of ATA coming out? And is there a preview, insider or beta version that we can test in advance? It seems like development on this product has slowed down. Can someone point me to where the developer community lives for this product
so I can talk with them about what is coming next?


https://gallery.technet.microsoft.com/Advanced-Threat-Analytics-7371c87f


Hello Team,
I am new to ATA. I have a few questions on ATA; please help me with the ATA issues.

1. What is a sensitive account?

2. What is the high and medium alert?
3. To my knowledge, someone tries to do reconnaissance with the destination server and will steal or do an attack?
4. Before going to high alert, it will show the medium alert, like reconnaissance. Is that correct, or will the attacker directly attack the destination server?
5. I found one incident: identity theft was stolen. It is in the high alert. What would be the resolution for this type of issue?


Hi, 

Is an ATA deployment possible in Hyper-V 2008 R2?
Or with a physical DC and a virtual ATA server?

Regards

Pedro Santos


Hi Guys
In order to do a POC or implementation of ATA, what kind of details should be gathered from the customer's existing infrastructure in order for us to successfully deploy or test out ATA in a production environment?
Appreciate some guidance and help
Thanks


Hi, I am concerned that my sensitive groups in ATA are not flagging after modifying some of the groups I tagged as Sensitive in AD.
Any Suggestions

Currently Running ATA ver 1.9


We are attempting to deploy Microsoft ATA in our environment. We have successfully deployed ATA Lightweight Gateways to the domain controllers to monitor traffic.
However, our environment uses standalone DNS appliances. We have configured an ATA Gateway and set up port mirroring between the DNS appliances and the ATA Gateway.
When configuring the ATA Gateway with the Port Mirrored Domain Controllers (FQDN), using the FQDN for the DNS servers, the Gateway service will not start, with an "All domain controllers unreachable by a Gateway" health message in the ATA Center.
If we add a domain controller in the Port Mirrored Domain Controllers (FQDN) list and leave the DNS appliance in, the ATA Gateway service will start; however, a "Some domain controllers are unreachable by a Gateway" message is displayed. The domain controller listed in the message is the DNS appliance, which is not a domain controller. After this I have tried to simulate a DNS recon attack using NSLOOKUP with no luck.
Has anyone deployed ATA using DNS appliances or is this configuration not supported by Microsoft and will not work?
Thanks


What is the point of this forum if most of the questions are going to not be answered by Microsoft?


Where can I download ATA installer and how to activate it if I purchased it bundled with EMS. I read this article that it should be raised to Microsoft Support.

If you acquired an Enterprise Mobility + Security (EMS) license directly through the Microsoft 365 portal or through a Cloud Solution Partner License Model and you do not have access to ATA through the Microsoft Volume Licensing Center (VLSC), contact
Microsoft Customer Support to obtain activation processing Advanced Threat Analytics.

https://docs.microsoft.com/cs-cz/advanced-threat-analytics/install-ata-step1

Thank you!

Mary Yvette Bulaong


How do I get Advanced Threat Analytics to use single sign-on so I don't have to log in to access ATA?  I'm using Windows 10/Microsoft Edge.


Does the latest Advanced Threat Analytics build (1.8) work on Windows Server 1709 (without the desktop experience)?  


I'd like to see us try a proof of concept on this tool.
What is the next step?
 


We have a VMware Enterprise environment.
I have tested Microsoft ATA and it works perfectly well with Port Mirroring but for that we may have to choose Enterprise Plus.
Question:
With our existing infrastructure, will the Microsoft ATA solution work if I configure both the DC and the Gateway in (Promiscuous Port Group)?
If yes is it supported by Microsoft?
I would appreciate the answer if someone has implemented the solution first hand or knows about a reliable article/source.
For simplicity please assume the unknowns, thank you for your help.


Kindly help me to address the questions below regarding Microsoft Enterprise Mobility Suite Advanced Threat Analytics:
1) What is the gateway server and why is it used?
2) What is the center server and why is it used?
3) Should the gateway and center server be on the same server or different servers?
4) If it is the same server, what are the advantages and disadvantages?
5) How to test that ATA is working? I mean create an alert from any computer, since I don't have an attack tool, or do I need to log in with an unknown user account? Wrong password? Need to create any script, etc.?
6) What is exclusion DNS, and what does pass on ticket mean?
7) What does honey token mean? Need to add all accounts or only suspected accounts?
8) Is it possible to use ATA for cloud? I mean integration of on-premise AD with Azure AD (IaaS).
