Working with ATA audit logs
Applies to: Advanced Threat Analytics version 1.9
The ATA audit logs are kept in the Windows Event Logs under Applications and Services and then Microsoft ATA both on the ATA Center and ATA Gateway machines.
The ATA Center audit log contains:
- Suspicious activity information
- Health alerts (health page)
- ATA Console logins
- All configuration changes*
The ATA Gateway audit log contains:
- Gateway configuration changes*
(All ATA Gateway configuration changes are configured on the ATA Center but are still audited on the Gateway machine itself.)
*The configuration change audit log contains both the previous configuration and the new configuration.
See Also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for