ATA Reports
Applies to: Advanced Threat Analytics version 1.9
The ATA reports section in the console enables you to generate reports that provide you with system status information, covering both system health and the suspicious activities detected in your environment.
To access the reports page, select the report icon in the menu bar. The reports that are available are:
Summary report: The Summary report presents a dashboard of the status in the system. You can view three tabs - one for a Summary of what was detected on your network, Open suspicious activities that lists the suspicious activities you should take care of, and Open health issues that lists ATA system health issues you should take care of. The suspicious activities listed are broken down by type, as are the health issues.
Modification of sensitive groups: This report lists every time a modification is made to sensitive groups (such as admins).
Passwords exposed in cleartext: Some services use the non-secure LDAP protocol to send account credentials in plain text. This can even happen for sensitive accounts. Attackers monitoring network traffic can catch and then reuse these credentials for malicious purposes. This report lists all source computer and account passwords that ATA detected as being sent in clear text.
Lateral movement paths to sensitive accounts: This report lists the sensitive accounts that are exposed via lateral movement paths. For more information, see Lateral movement paths.
There are two ways to generate a report: either on demand or by scheduling a report to be sent to your email periodically.
To generate a report on demand:
In the ATA console menu bar, select the report icon.
Under your selected report type, set the From and To dates and select Download.
To set a scheduled report:
On the Reports page, select Set scheduled reports, or on the ATA Console configuration page, under Notifications and Reports, select Scheduled reports.
Note
The daily reports are designed to be sent shortly after midnight, UTC.
Select Schedule next to your selected report type to set the frequency and email address for delivery of the reports. Select the plus sign next to the email addresses to add them, and then select Save.
Note
Scheduled reports are delivered by email and can only be sent if you have already configured an email server. To configure one, under Configuration and then under Notifications and Reports, select Mail server.