title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.devlang | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Connecting Microsoft Advanced Threat Analytics to Azure Security Center \| Microsoft Docs | Learn how Azure Security Center integrates with Microsoft Advanced Threat Analytics. | security-center | na | YuriDio | MBaldwin | | 5d80bf91-16c3-40b3-82fc-e0805e6708db | security-center | na | article | na | na | 10/13/2017 | yurid |
This document helps you to configure the integration between Microsoft Advanced Threat Analytics and Azure Security Center.
Advanced Threat Analytics (ATA) is an on-premises platform that helps detect suspicious user behaviors. When connected, you are able to view suspicious actions detected by ATA in Security Center. This integration enables you to view, correlate, and investigate all security alerts related to your hybrid cloud workloads in Security Center.
Assuming that you already have ATA installed and working properly on-premises, follow these steps to configure this integration:
- Log on to the ATA Center, and access the ATA portal.
- Click Syslog server in the left pane.
- In the Syslog server endpoint field, type 127.0.0.7 (it must be this address), and type 5114 as the port (recommended). The port number is only a recommendation; any unique port should work. Leave all other options as is, and click Save.
- Click Notifications in the left pane, and enable all the Syslog notifications (recommended).
- Click Save.
- Open the Security Center dashboard.
- On the left pane, click Security Solutions.
- Under Advanced Threat Analytics, click ADD.
- Go to the last step, and click Download agent.
- In the Add new non-Azure computer page, select the workspace.
- In the Direct Agent page, download the appropriate Windows agent, and take note of the Workspace ID and Primary Key.
- Install this agent on the ATA Center. During the installation, make sure to select the option Connect the agent to Azure Log Analytics (OMS), and provide the Workspace ID and Primary Key when requested.
Once you finish the installation, the integration is completed, and you will be able to see new alerts sent from ATA to Security Center in Security Alerts and Search. The solution appears in the Security Solutions page, under Connected solutions.
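If alerts do not appear, the following PowerShell check can be run in an elevated session on the ATA Center to confirm each link in the chain configured above. It is an added example, not part of the original article: the port value assumes the recommended 5114, the workspace ID is a placeholder, and the service name `HealthService` and the `AgentConfigManager.MgmtSvcCfg` COM object are those of the Microsoft Monitoring Agent.

```powershell
# Added verification sketch (not from the original article).
# Assumptions: port 5114 as recommended above; the workspace ID is a placeholder.
$SyslogAddress = '127.0.0.7'        # must match the Syslog server endpoint set in the ATA portal
$SyslogPort    = 5114               # change if a different unique port was configured
$WorkspaceId   = '<workspace-id>'   # placeholder: Workspace ID noted on the Direct Agent page

# 1. The agent service must be running on the ATA Center.
$svc = Get-Service -Name HealthService -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') {
    Write-Warning 'Microsoft Monitoring Agent service (HealthService) is not running.'
}

# 2. The agent must be registered to the workspace selected in Security Center.
try {
    $cfg = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
    $ws  = $cfg.GetCloudWorkspaces() | Where-Object { $_.workspaceId -eq $WorkspaceId }
    if ($ws) { $ws | Format-List * }
    else     { Write-Warning "Agent is not connected to workspace $WorkspaceId." }
} catch {
    Write-Warning 'Agent configuration object not found; is the agent installed?'
}

# 3. 127.0.0.7 is a loopback address, so the syslog receiver has to be a local
#    process. Look for one on the configured port over both UDP and TCP.
$listeners = @(
    Get-NetUDPEndpoint   -LocalPort $SyslogPort -ErrorAction SilentlyContinue
    Get-NetTCPConnection -LocalPort $SyslogPort -State Listen -ErrorAction SilentlyContinue
) | Where-Object { $_.LocalAddress -in @($SyslogAddress, '0.0.0.0', '::') }

if ($listeners) {
    # OwningProcess is a PID; resolve it with Get-Process -Id to see which program receives the syslog.
    $listeners | Select-Object LocalAddress, LocalPort, OwningProcess
} else {
    Write-Warning "No local listener on port $SyslogPort; ATA syslog notifications have no receiver."
}
```

The Primary Key is not needed for this check, so keep it out of the script and out of the shell history.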
In this document, you learned how to connect Microsoft ATA to Security Center. To learn more about Security Center, see the following articles:
- Connecting Azure Active Directory Identity Protection to Azure Security Center
- Setting security policies in Azure Security Center — Learn how to configure security policies for your Azure subscriptions and resource groups.
- Managing security recommendations in Azure Security Center — Learn how recommendations help you protect your Azure resources.
- Security health monitoring in Azure Security Center — Learn how to monitor the health of your Azure resources.
- Managing and responding to security alerts in Azure Security Center — Learn how to manage and respond to security alerts.
- Monitoring partner solutions with Azure Security Center — Learn how to monitor the health status of your partner solutions.
- Azure Security Center data security - Learn how data is managed and safeguarded in Security Center.
- Azure Security Center FAQ — Find frequently asked questions about using the service.
- Azure Security blog — Get the latest Azure security news and information.