NOTE! Downloading the module as a zip file from GitHub causes an encoding issue, and the module will not show as signed. To avoid this issue, install from the PS Gallery using PowerShell (Install-Module Advanced-Threat-Analytics) or download via the git command line.
- ATA Center Version 1.8+
- Windows Management Framework 5.1+
The Advanced-Threat-Analytics PowerShell module was designed to make it easy for customers to interface with the ATA Center through a simple set of cmdlets. While this module is signed by Microsoft, it should be made very clear that it is not a formal part of the ATA product and there is no warranty of any kind or guaranteed support.
It is recommended to install the module either directly on the ATA Center or on a domain-joined PC. The module uses the credentials of the signed-in Windows user to authenticate to the ATA Center. This means that you will not be able to use the module with a user that cannot also log into the ATA Center.
If you install the module on the ATA Center, you can either log into the ATA Center to execute commands or use 'Import-PSSession -Module Advanced-Threat-Analytics' to import the module into a temporary session on a management PC. By default the module is looking for the ATA Center via localhost, so if you choose to install the module on a domain-joined management PC, you will need to run Set-ATACenterURL and specify the ATA Center URL. (example: atacenter.contoso.com)
Run PowerShell as an administrator and execute the below command: Install-Module Advanced-Threat-Analytics
The module should install from the PowerShell gallery. If localhost resolves to your ATACenter, you should be all set to start using the cmdlets. If not, you will want to run Set-ATACenterURL and specify the URL for your ATA Center. This can be found in the configuration.
Clone the module from this GitHub repository and place the contained Azure-Security-Center folder in any approved module path. For more information on installing modules see: https://msdn.microsoft.com/en-us/library/dd878350(v=vs.85).aspx
Validate the server is on WMF 5.1+
Install the Package Manager MSI to enable Module and Package cmdlets on the server: https://www.microsoft.com/en-us/download/details.aspx?id=51451
Run PowerShell as an administrator and execute the below command: Install-Module Advanced-Threat-Analytics
The module should install from the PowerShell gallery. If localhost resolves to your ATACenter, you should be all set to start using the cmdlets. If not, you will want to run Set-ATACenterURL and specify the URL for your ATA Center. This can be found in the configuration.
Validate the server is on WMF 5.1+
Clone the module from this GitHub repository and place the contained Azure-Security-Center folder in any approved module path. For more information on installing modules see: https://msdn.microsoft.com/en-us/library/dd878350(v=vs.85).aspx
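The note at the top says a zip download leaves the module showing as unsigned. As an added example (not part of the module or its documentation), the following PowerShell checks the Authenticode signature of every script file in the installed module and imports it only if all of them validate. The expected signer string is an assumption based on the statement that the module is signed by Microsoft.

```powershell
# Added example: verify the installed module's signatures before importing it.
$moduleName = 'Advanced-Threat-Analytics'
# Assumption: the signing certificate's subject names Microsoft Corporation.
$expectedSigner = 'O=Microsoft Corporation'

# Pick the newest installed copy found on the module path.
$module = Get-Module -ListAvailable -Name $moduleName |
    Sort-Object Version -Descending |
    Select-Object -First 1
if (-not $module) {
    throw "Module '$moduleName' was not found in any path listed in PSModulePath."
}

# Signable PowerShell file types that can ship inside a module folder.
$files = Get-ChildItem -Path $module.ModuleBase -Recurse -File `
    -Include *.ps1, *.psm1, *.psd1, *.ps1xml
if (-not $files) {
    throw "No script files found under $($module.ModuleBase)."
}

$results = foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        File   = $file.Name
        Status = $sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}
$results | Format-Table -AutoSize -Wrap

# Any status other than Valid means the file is unsigned, altered (for example
# by the zip encoding issue), or signed by a certificate this machine does not trust.
$bad = @($results | Where-Object { $_.Status -ne 'Valid' })
if ($bad.Count -gt 0) {
    throw "$($bad.Count) file(s) failed signature validation. Reinstall with Install-Module or git clone."
}

# A valid signature from an unexpected publisher is also a reason to stop.
$unexpected = @($results | Where-Object { $_.Signer -notmatch [regex]::Escape($expectedSigner) })
if ($unexpected.Count -gt 0) {
    throw "$($unexpected.Count) file(s) are signed by an unexpected publisher."
}

Import-Module $moduleName
Get-Command -Module $moduleName
```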
Step #1 after installing the module will be to set your ATA Center URL. This is simply a global variable, $ATACenter, that should reflect the URL you set in the ATA Center configuration page (example: atacenter.mydomain.com or 10.2.3.5). Do not use "https://". To assist with setting the variable, I added a simple function called Set-ATACenterURL that sets it for you.
If you are using a self-signed certificate in your ATA Center, there is a good chance you will see an error when using the module that says something about inability to create a secure SSL/TLS channel. If you get this error, please run the Resolve-ATASelfSignedCert cmdlet and try again.
Get-Command -Module Advanced-Threat-Analytics
This command will show you the available functions in the module.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.