This article describes the enhancements in Microsoft Advanced Threat Analytics (ATA) v1.8, and also includes Update 1 for ATA v1.8, for more information, see KB4036650.
Adds detection of abnormal modification of sensitive groups
Adds detection of suspicious authentication failures (behavioral brute force)
Improves remote execution detection
Improves unusual protocol implementation to detect WannaCry malware
Enhances Kerberos Golden Ticket detection
Better management of suspicious activity: exclusion, deletion and suppression
Local collection of events while you are using lightweight gateway
Center performance improvements
For more information, see What's new in ATA 1.8.
How to get this update
Method 1: Microsoft Update
Use Microsoft Update to automatically download and install the update.
Method 2: Microsoft Download Center
The following file is also available for download from the Microsoft Download Center:
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Update detail information
To install this update, you should first install Microsoft Advanced Threat Analytics v1.7 with Update 2 (1.7.5757) or with Update 1 (1.7.5647) or v1.8 (1.8.6645). If you are using version 1.7.5402, you must first upgrade to 1.7.5757.
To apply this update, you don't have to make any changes to the registry.
You may have to restart the computer after you apply this update.
Update replacement information
This update doesn't replace a previously released update.
Learn about the terminology that Microsoft uses to describe software updates.