Implementing and Managing Microsoft Advanced Threat Analytics

In this Microsoft Advanced Threat Analytics course you learn to implement and use Advanced Threat Analytics (ATA) to quickly identify advanced persistent threats. ATA supports you in your hunt for cyber threats, from detecting known attacks to finding abnormal activity with machine learning and behavioral analysis. The course is taught in English by an expert from the security company CQure.

200+ days. That’s the average amount of time that attackers reside within your network before they are detected, gathering classified data and information and waiting to strike at just the right moment. Microsoft Advanced Threat Analytics (ATA) helps to identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline. Customers who want to proactively monitor their environment need to be more aware of which activities are malicious and which are good. This is a great challenge in a hundred-server environment.

Target audience

Infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.


Author’s unique tools, exercises and presentation slides with notes.

About the Author

Paula Januszkiewicz is a world-renowned Security Expert. Paula loves to perform Penetration Tests and IT Security Audits, and after all she says: ‘harden’em all’! She is an Enterprise Security MVP, trainer (MCT) and Microsoft Security Trusted Advisor.

Top speaker at world-known conferences, including being the No. 1 speaker at Microsoft Ignite!


An ideal candidate for this course should have attended Masterclass: Hacking and Securing Windows Infrastructure. Alternatively, you should have good knowledge of Windows authentication mechanisms and protocols. You should have a good understanding of PTH and PTT attacks. Experience in Active Directory Domain Services is highly recommended.

To always maintain high quality in our technical courses, we use both English- and Swedish-speaking experts as instructors.


Threat landscape

  • Risks for cloud and on-premise infrastructure
  • Modern threats
  • Incident response flaws

ATA Architecture

  • ATA Center
  • ATA Gateway
  • ATA Console
  • Multi-segment networks


  • Active Directory requirements
  • Networking requirements
  • Database requirements
  • Capacity planning
  • Ports and protocols


  • Port monitoring
  • Event collection
  • Mobility support
  • Integration to SIEM/Syslog
  • Virtualization issues

Detection module

  • Incident responding
  • Short-term lease subnets
  • Honeytokens

Analytics module

  • Suspicious Activities Time Line
  • Filtering Suspicious Activities
  • Self-learning


  • ATA Console
  • ATA Configuration
  • Alerts
  • Health Center
  • Database management
  • Telemetry


  • Backup and Restore
  • Logs
  • Performance counters
  • Database

Further steps

  • Advanced monitoring techniques
  • Incident response plans

About the course

Price: 28 950,00 kr

excluding VAT

Duration 3 days
Course code CQ-ATA

The course is held on request

Contact us for more information.

Phone: 08-440 11 00