Microsoft Advanced Threat Analytics – False positive

The scenario here is that a company has hired an external consultant. The consultant was on vacation and sick for a total of about 1 month.

Once back at work he started accessing the system and doing this work. Immediately ATA became suspicious and sendt out an alert.

mail-warning-ata

ATA flagged the behavior as abnormal due to the consultant being away for such a long period of time.

identity-theft-ata

This said, a lot of companies are not closing down consultant accounts after they are done working. Some keep them open waiting for “next incident” and some just forget to remove them.

ATA can help you to keep track of this and alerts you if a old consultancy account is stolen.

haukeberg

I enjoy computer gaming, zombie movies and mindless action scenes.

Author archive Author website

January 27, 2017

Coding without code, Enterprise Mobility Suite

Advanced threat analytics, ATA, false positive, microsoft ata

Leave a Reply Cancel reply

Enter your comment here...

Please log in using one of these methods to post your comment:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this:

Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V