ATA – Microsoft Advanced Threat Analytics – Deployment Guide Part 2

In my previous blog post I discussed the requirements for ATA. In this post I will discuss how to install ATA.

First of all, we must start with the ATA Center before we install the collectors. The wizard is quite straightforward and will get you to the configuration page very quickly, as shown below:

ata config

For the most part you can accept the default settings. For the certificates you have two options:

  • Self-signed certificate – If so, tick the box and away you go.
  • Internal certificate from a CA – This can be changed later to a public certificate or a certificate with multiple SANs. By default, though, the wizard will only create the certificate with a single name, which is the server's hostname.

Click Install and the installation should complete. Then click Launch to launch the console. You will notice certificate errors, because by default ATA uses the console IP address to create the shortcut on the desktop.

At this stage, if you want to change the certificate, this is the best time to do so.

Create your certificate with the additional names required (it must contain the server name as one of them). The SAN could be something like (also ensure you create an internal DNS A record that will resolve to the correct IP address).

Insert the certificate into the local store on the server, then change the certificate in the IIS bindings to your new one. Note that if the certificate does NOT have its private key, IIS will throw an error, so ensure the private key is imported at the same time.

Restart IIS, then fire up the console with your name e.g. and you should be able to log in with your admin account without any warnings.

If you wish at this stage to create extra admins, these can be members of either the local Administrators group or the Microsoft Advanced Threat Analytics Administrators group. Because these are local groups, you might want to create an AD group and nest it within the ATA Admins group to make it easier to manage.
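The checks from the certificate steps above (private key present, server name among the SANs, console name resolvable) can be scripted before you touch the IIS binding. This is an added example, not part of the original post; the thumbprint and the console name `ata.contoso.example` are placeholders, and the SAN parsing assumes Windows prints the English `DNS Name=` label.

```powershell
# Added example: pre-flight checks for the replacement ATA Center console certificate.
# Assumptions (not from the original post): both parameter defaults are placeholders,
# and SAN parsing relies on the English "DNS Name=" label Windows uses when formatting.
param(
    [string]$Thumbprint  = '<THUMBPRINT-OF-NEW-CERT>',   # placeholder
    [string]$ConsoleName = 'ata.contoso.example'         # hypothetical console DNS name
)

$problems = @()
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }

if (-not $cert) {
    $problems += "Certificate $Thumbprint is not in the LocalMachine\My store."
} else {
    # IIS cannot bind a certificate whose private key was not imported with it.
    if (-not $cert.HasPrivateKey) {
        $problems += 'Certificate has no private key; re-import it together with its key.'
    }

    # Read the DNS names from the Subject Alternative Name extension (OID 2.5.29.17).
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sans = @()
    if ($sanExt) {
        $sans = @([regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
                  ForEach-Object { $_.Groups[1].Value.ToLower() })
    }

    # The server name must be one of the names (short name or FQDN accepted here).
    $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName.ToLower()
    $serverNames = @($env:COMPUTERNAME.ToLower(), $fqdn)
    if (-not ($serverNames | Where-Object { $sans -contains $_ })) {
        $problems += "No SAN matches the server name ($($serverNames -join ' / '))."
    }
    if ($sans -notcontains $ConsoleName.ToLower()) {
        $problems += "No SAN matches the console name $ConsoleName."
    }
}

# The console name needs an internal DNS A record pointing at the ATA Center.
$aRecords = Resolve-DnsName -Name $ConsoleName -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.IPAddress }
if (-not $aRecords) {
    $problems += "$ConsoleName does not resolve to an A record."
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "Certificate and DNS checks passed for $ConsoleName."
```

Run it in an elevated PowerShell session on the ATA Center server; a non-zero exit code means at least one warning needs fixing before you change the binding.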

mata console

If you have any problems getting to the console, first of all ensure the service is up and running, or consult the error logs at %programfiles%\Microsoft Advanced Threat Analytics\Center\Logs\Microsoft.Tri.Center-Errors.log

The next step is to configure and install the collector(s), or the ATA Gateway role. Once logged into the console, navigate to Configuration and enter the service account that you created in the readiness steps, as shown below. Then click Save.

sA account mata

Now we need to download the ATA Gateway setup from the console. First of all, log on to the server that will be the Gateway server and open up the ATA console. Navigate to Configuration again and click “Download ATA Gateway Setup”.

Before you extract the files and run the installer, ensure you have hotfix KB2919355 installed, which you can check via PowerShell by running the following command:

get-hotfix -id kb2919355

Run the wizard until you get to the following page:


Select your installation path. As before, you have two options for the certificate: self-signed or from an internal CA. Then enter the username and password of the service account we created in Part 1.

This completes the installation. In Part 3 we will discuss the configuration of ATA.
