Microsoft Advanced Threat Analytics Setup – Part 1
So as you may have seen recently, Microsoft released its latest threat analytics product, “Microsoft Advanced Threat Analytics”, to the public. To get it you can visit the following link, log in with a Live ID and then register for the download.
Once you have the ISO image you are good to start setting up the system. For my quick demonstration environment I have the following:
- Firewall / Gateway Device
- Domain Controller running Windows Server 2012 R2, also configured as Certificate Root Authority
- Member Server running Windows Server 2012 R2 on which the ATA Center will be installed
- Member Server running Windows Server 2012 R2 on which the ATA Gateway will be installed
- Other member servers for SharePoint, SQL and a Client Workstation
To perform the installation we need to install the ATA Center, which is done on the Member Server. To ensure this works as expected it is best to have two IP addresses on the same subnet. The reason for this is that the application uses port mirroring and needs to assign one IP address to the ATA Center and one to the IIS Service for the console.
For me my IP Addresses are:
ATA Center = 192.168.1.151/24
IIS Service = 192.168.1.152/24
Now we are ready to perform the installation. On the ISO, there is an application called “Microsoft ATA Center Setup”; simply click that to start the installation.
Next we can follow through the installation wizard.
Next we are presented with the configuration of IP Addresses and SSL Certificates along with locations.
For my environment I have already added a wildcard certificate into the ATA Center Server which was issued by the Root Certificate Authority for my domain. To select an existing certificate simply click the “key” icon and you are then presented with the currently installed certificates.
The installation will take care of all the components and roles needed for the ATA Center.
During the installation, the server may require rebooting; you will be notified when this is needed.
NOTE: If you want to avoid the reboot, install KB2934520 on the ATA Center server and on the ATA Gateway servers before beginning the installation.
After the restart, the wizard will continue with the installation automatically after login.
It should now complete successfully and you can then click the “Launch” button to enter the console.
When you click to launch the console it will, by default, load the site by IP address over SSL. This means that your browser will complain about the certificate, as it does not match. You can live with this for testing, but for production, or if you are like me, you may want to edit the IIS bindings for the console site so it is tied to a URL that makes more sense. I created a local entry for https://protect.helix.int and have associated that.
Typing the new URL will then load the console.
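Why the default IP-based URL trips the certificate warning while the new hostname does not, shown as an added example (not part of the original post or of ATA itself): a small Python check of which console URLs a certificate's subject alternative names cover. The wildcard name `*.helix.int` is an assumption based on the URL above, and the function names are hypothetical.

```python
import ipaddress

def is_ip_literal(host):
    """True when the host part of the URL is an IP address, not a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """RFC 6125-style match: '*' is honoured only as the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Conservative rule: need at least two literal labels after the '*'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(host, san_dns, san_ip=()):
    """An IP literal is compared only with iPAddress SAN entries; a DNS
    wildcard never covers an IP address."""
    if is_ip_literal(host):
        target = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == target for ip in san_ip)
    return any(dns_name_matches(name, host) for name in san_dns)

def check_console_urls(hosts, san_dns, san_ip=()):
    """Map each candidate console host to whether the certificate covers it."""
    return {host: cert_covers(host, san_dns, san_ip) for host in hosts}

# Constructed sample: assumed wildcard SAN and candidate console hosts.
SAN_DNS = ["*.helix.int"]
HOSTS = ["192.168.1.152", "protect.helix.int", "console.ata.helix.int", "helix.int"]

if __name__ == "__main__":
    for host, ok in check_console_urls(HOSTS, SAN_DNS).items():
        print(f"https://{host}  ->  {'match' if ok else 'name mismatch warning'}")
```

Only a name exactly one label below the wildcard's domain is covered, so whatever hostname you bind the console site to needs to sit directly under the domain the certificate was issued for.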
To log in, use the same account that you used to install the ATA Center; for me it was the Administrator account. This should get you to the core site, which displays an expiration message if you are using the trial.
Now we need to actually configure the platform, to do this we will need to access the configuration option from the menu at the top right.
We are then redirected to the “ATA Gateways” screen where we can connect the ATA Center to the domain using a specific account. I am using a domain user account called “ATA”.
It is important that you enter the complete FQDN of the domain where the user is located. For example, if the user’s account is in “something.domain.com” you need to enter “something.domain.com”, not “domain.com”.
Once the credentials are saved the “Download ATA Gateway Setup” link becomes available. Download the files and then copy them to the server that will be dedicated to being a gateway.
In the next post we will look at installing and setting up the ATA Gateway.