Working with ATA audit logs
Applies to: Advanced Threat Analytics version 1.9
The ATA audit logs are kept in the Windows Event Logs under Applications and Services and then Microsoft ATA both on the ATA Center and ATA Gateway machines.
The ATA Center audit log contains:
- Suspicious activity information
- Monitoring alerts (health page)
- ATA Console logins
- All configuration changes*
The ATA Gateway audit log contains:
- Gateway configuration changes*
(All ATA Gateway configuration changes are configured on the ATA Center but are still audited on the Gateway machine itself.)
*The configuration change audit log contains both the previous configuration and the new configuration.
We'd love to hear your thoughts. Choose the type you'd like to provide:
Our feedback system is built on GitHub Issues. Read more on our blog.