Working with ATA audit logs
Applies to: Advanced Threat Analytics version 1.9
The ATA audit logs are kept in the Windows Event Logs under Applications and Services and then Microsoft ATA both on the ATA Center and ATA Gateway machines.
The ATA Center audit log contains:
- Suspicious activity information
- Monitoring alerts (health page)
- ATA Console logins
- All configuration changes*
The ATA Gateway audit log contains:
- Gateway configuration changes*
(All ATA Gateway configuration changes are configured on the ATA Center but are still audited on the Gateway machine itself.)
*The configuration change audit log contains both the previous configuration and the new configuration.