setting-ata-alerts.md

title: Set Advanced Threat Analytics notifications
description: Describes how to set ATA alerts so you are notified when suspicious activities are detected.
keywords:
author: batamig
ms.author: bagol
manager: raynew
ms.date: 01/10/2023
ms.topic: conceptual
ms.service: advanced-threat-analytics
ms.assetid: 14cb7513-5dc8-49cb-b3e0-94f469c443dd
ms.reviewer: bennyl
ms.suite: ems

Set ATA Notifications


ATA can notify you when it detects a suspicious activity, either by email or by using ATA event forwarding to send the event to your SIEM/syslog server. Before selecting which notifications you want to receive, you must set up your email server and your Syslog server.

Note

  • Email notifications include a link that takes the user directly to the suspicious activity that was detected. The host name portion of the link is taken from the setting of the ATA Console URL on the ATA Center page. By default, the ATA Console URL is the IP address selected during the installation of the ATA Center. If you are going to configure email notifications, it is recommended to use an FQDN as the ATA Console URL.
  • Notifications are sent from the ATA Center to either the SMTP server or the Syslog server.

To receive notifications, set the following parameters:

  1. In the ATA Console, select the settings option on the toolbar and select Configuration.

    ATA configuration settings icon.

  2. Under the Notifications & Reports section, select Notifications.

  3. Under Mail notifications, specify which notifications should be sent via email - new suspicious activities and new health issues. You can set a separate email address for the suspicious activities to be sent to and for the health alerts so that, for example, suspicious activity notifications can be sent to your security analyst and your health alert notifications can be sent to your IT admin.

    Note: Email alerts for suspicious activities are only sent when the suspicious activity is created.

  4. Under Syslog notifications, specify which notifications should be sent to your Syslog server - new suspicious activities, updated suspicious activities, and new health issues.

  5. Click Save.

    ATA mail notification settings image.

See Also

Check out the ATA forum!