Advanced Threat Analytics

Welcome! You can use this site to give feedback directly to our engineering teams that build the security products you rely on. You can suggest features or design changes, and vote on suggestions others have made. If you would like to further engage our engineering teams, please join our Security Community by visiting https://aka.ms/SecurityCommunity.

To learn more about Microsoft Advanced Threat Analytics or try it out, visit the product page.

  1. Renewing an existing certificate / automatically

    The process of renewing an existing certificate is not supported. The only way to renew a certificate is by creating a new certificate and configuring ATA to use the new certificate.

    Also, the only way to upload a certificate is via the UI / please at least allow PowerShell or some API way to do that.

    1 vote
    0 comments  ·  I am a customer
  2. 3 votes
    0 comments  ·  I am a partner
  3. Provide more frequent releases

    ATA doesn't seem to get updates very often. Initially it did. Updates mean there is active development. Please keep it fresh and current!

    1 vote
    0 comments  ·  I am a customer
  4. Configuration changes using cmdlets

    Currently, exclusion settings are set in the GUI one by one, but cannot be set at once.
    We would like to use cmdlet settings, and some batch processing.

    1 vote
    0 comments  ·  I am an employee of Microsoft
  5. Move ATA Sizing tool to microsoft download center

    Can you move the sizing tool to a more reputable source like the MS Download Center? Or heck, even GitHub? And can you provide a single compressed exe with no dependencies on dll files?

    1 vote
    0 comments  ·  I am a customer
  6. Migrate from Mongodb to SQL Express

    Can we get a version of this product that uses SQL Express instead of Mongo? I watched a video from one of your conferences where the speaker (I don't recall her name) stated that they would rather focus on providing better detection instead of using a different database technology. Well, it's now been a year and a half since the last product update. So that to me means this product is pretty close to maturity, so why not provide this using SQL Express?

    1 vote
    0 comments  ·  I am a customer
  7. email notifications

    ATA per-alert email notifications

    I would like to send specific alerts from the email notifications to a specific department. For example, I would like to send to our infra team automatically for the first step of investigation about a specific alert such as Suspicion of identity theft based on abnormal behavior. Because in this case usually our engineer logged in to some laptop or server for legitimate tasks.

    1 vote
    0 comments  ·  I am a customer
  8. Add role to view software inventory of "my" machines

    Currently, the software inventory is an "all or nothing" thing - I have access to data of all machines or no machines. But we have a lot of users that are allowed to install additional software (like VLC player), but need to manage updates of this software by themselves.

    It would be great if each member of an AAD can see the software inventory data of all machines where she/he is in the group of local administrators (or the "Enrolled by User" shown in Intune or the "assigned user" in Windows Autopilot - whatever is faster to implement).

    1 vote
    0 comments  ·  I am a partner
  9. Typo found in logs

    We have implemented ATP and it has been to analyze the events. I found a typo in the logs.

    You may search for the following string > Potential sensiive lateral movement path ... > Please change the string incudes to includes. Just a little typo. I could have sent a screenshot, but there is no such option here.

    1 vote
    0 comments  ·  I am a customer
  10. More Information from Entities Recently Learned

    Currently, when a new entity is learned by ATA, a notification is listed on the right side of the screen. For example:

    "Entities recently learned
    1 computer
    2 hours ago"

    Would it be possible to make that notification user-interactive so the recently learned entities are listed as well? Currently, the notification does not give any additional information.

    3 votes
    0 comments  ·  I am a customer
  11. 2 votes
    0 comments  ·  I am a customer
  12. Timeline and Activities Focus - Allow Configurable Refresh Rate

    Please consider adding configuration to allow the customer to determine the refresh rate when viewing the timeline or activities timeline for an entity. The existing version 1.9 Update 1 seems to refresh frequently and this can be slightly annoying when trying to review the information. Allowing an option to configure this or pause it would be helpful. Thanks.

    7 votes
    1 comment  ·  I am a customer
  13. Model Admin account behavior separate from standard users

    Administrative accounts are expected to behave differently than standard users in an organization. I would like to see the ability to 'tag' these accounts and have their behavior modeled separately from the non tagged users. This would allow ATA to still monitor the accounts for signs of compromise, rather than excluding them to suppress the false positives - providing better coverage for the organization.

    7 votes
    1 comment  ·  I am a customer
  14. MongoDB security hardening

    I'd like to have the possibility to enable SSL, encryption, authentication, auditing on the MongoDB instance. Some of these options like authentication or SSL enablement are crashing ATA, others like auditing and encryption are reserved to MongoDB Enterprise, while ATA comes with Community version.

    1 vote
    0 comments  ·  I am a customer
  15. Log DNS requests and answers at client level

    Instead of logging DNS requests and answers at DNS server level, do it at the client level instead.
    Take the opportunity to do it at the client resolver cache level (local service) to also log which process is doing which DNS request.
    For ease of processing, log to Windows event logs in separate events (1 for request, 1 for response, use DNS transaction ID to uniquely identify request/response pairs).

    1 vote
    0 comments  ·  I am a customer
  16. Possibility to create custom query and (then) alerts

    The data is already in the database so it would be nice to make it possible to query data like:

    - "show me all userobjects which had password changes and were not used to logon in the last 14 days."

    - "show me all computerobjects which are not member of this group or that group"

    After we got the data back of the query it would be nice to save the query for future use and to create alerts when the data which is given back by the query got news or changes like:

    - "send me an e-mail if…

    2 votes
    0 comments  ·  I am a partner
  17. Learning Period for ID Theft Alert

    In the future releases, could we see an option to change the threshold for ID theft learning period? A 30 day learning/alerting period is proving to be a little short in our environment.

    Thank you.

    9 votes
    3 comments  ·  I am a customer
  18. 1 vote
    0 comments  ·  I am a customer
  19. Public API documentation for ATA Center console

    ATA is a nice product, but maintenance of exclusions through the Console is a bit of a nightmare.

    Would it be possible to see the JSON spec for the /systemprofile/ api endpoint somewhere?

    Someone already wrapped calls for the timeline and a few config options in this PowerShell module: https://www.powershellgallery.com/packages/Advanced-Threat-Analytics/0.0.12

    But it would be great to be able to manage exclusions directly via the API as well.

    9 votes
    0 comments  ·  I am a customer
  20. Digitally Sign Emailed Reports

    The ability to digitally sign / encrypt reports is critical in a secured environment where reports cannot be sent without a digital signature / encryption.

    1 vote
    0 comments  ·  I am a customer