ATA Lightweight Gateway

The ATA Lightweight Gateway component can be installed directly on domain controllers to monitor Active Directory traffic without the need for port mirroring. This is the quickest way to get ATA up and running. However, it increases the resource requirements of the domain controllers.

Both gateways do the following:

  • Capture and inspect domain controller network traffic
  • Receive Windows events from different data sources such as SIEM, Syslog servers, and Windows Event Forwarding
  • Retrieve data about users and computers from the Active Directory domain
  • Perform resolution of network entities (users, groups, and computers)
  • Transfer relevant data to the ATA Center

Image source: https://docs.microsoft.com/en-gb/advanced-threat-analytics/plan-design/media/ata-architecture-topology.jpg