0 Votes
AlistairNelson-1385 asked AbdulrehmanbinAltaf answered

Lateral movement report is empty

My ATA Lateral Movement detection scheduled report is empty. It seems to not have the right permissions.

The group policy "Network access: Restrict clients allowed to make remote calls to SAM" is not configured right now - I understand that is the most lenient setting and should allow ATA in? Port 445 is also allowed.

ems-advanced-threat-analytics

0 Votes
Eli-Ofek answered

1 Vote
AbdulrehmanbinAltaf answered

@AlistairNelson-1385 It's not a big deal. If there is no lateral movement in your environment, you will receive an empty email without an attachment,
i.e. the "Lateral movement paths to sensitive accounts" or "Cleartext passwords exposed using unencrypted LDAP authentications" report, etc.
Make sure you are part of the "Microsoft Advanced Threat Analytics Administrators" group in the ATA server.
[image: 91754-ata1.png]


To check the report from ATA, log in at ATALOGINURL/reports and follow the below:
[image: 91771-ata2.png]


