Microsoft ATA captures and parses network traffic of multiple protocols. It also gathers information from multiple data sources to learn the users’ behaviour and to automatically create their behavioural profile.
In order to configure the alert forwarding:
- In the Configuration window, go to the Notifications and Reports section.
- Click on Syslog server.
- Enter the syslog server endpoint details and the port number (the default is 514).
- From the dropdown list, choose the protocol – TCP, UDP or TLS.
- Choose the format that should be used to send the alerts to the server: RFC 5424 or RFC 3164.
- Click Save.
- In the Notifications and Reports section, go to Notifications.
- In Syslog notifications, specify what alerts should be forwarded to the Syslog server.
- Click Save.
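Once forwarding is saved, the receiver can confirm that incoming messages use the format selected in the steps above. The following is an added example, not taken from Microsoft's documentation or the original page: a small Python check that classifies a received line as RFC 5424 or RFC 3164 and flags a mismatch. The hostnames, app name and alert text in the samples are constructed.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>[1-9]\d?) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[.*?(?<!\\)\])+)(?: (?P<msg>.*))?$", re.S)
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG (no version, no year)
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$", re.S)

# Constructed sample lines; the alert text is a placeholder, not real ATA output.
SAMPLE_5424 = ("<133>1 2024-01-15T10:22:31.000Z ata-center.example.test "
               "ATA - - - constructed alert text")
SAMPLE_3164 = "<133>Jan 15 10:22:31 ata-center constructed alert text"


def parse_syslog(line):
    """Return format, facility, severity, host, timestamp and message."""
    for name, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(line)
        if not m:
            continue
        pri = int(m.group("pri"))
        if pri > 191:  # facility 0-23 and severity 0-7 give a maximum of 191
            raise ValueError("PRI out of range")
        return {"format": name, "facility": pri >> 3, "severity": pri & 7,
                "host": m.group("host"), "timestamp": m.group("ts"),
                "msg": m.group("msg") or ""}
    raise ValueError("not RFC 5424 or RFC 3164")


def check_expected(line, expected_format):
    """Parse a line and mark it if it is not in the configured format."""
    rec = parse_syslog(line)
    rec["mismatch"] = rec["format"] != expected_format
    return rec


if __name__ == "__main__":
    for sample in (SAMPLE_5424, SAMPLE_3164):
        print(check_expected(sample, "rfc5424"))
```

A mismatch usually means the format selected on the sender differs from what the collector's parser expects, which can cause alerts to be dropped or stored with wrong host and timestamp fields.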
Setting email notification settings in Advanced Threat Analytics | Microsoft Docs
Set Advanced Threat Analytics notifications | Microsoft Docs