Microsoft Advanced Threat Analytics (ATA) is a platform that enables you to protect your infrastructure from cyber attacks. ATA is using a parsing engine to capture network traffic of protocols such as Kerberos. It monitors authentication and authorization. This can be done with port mirroring from Domain Controllers and other important computers. You can also deploy ATA directly on Domain Controllers which is called ATA Lightweight Gateway.
You can check the original post, via Cyber Security: Installing Microsoft Advanced Threat Analytics (ATA) version 1.8
When a computer joins a domain, a computer account is created in AD. The computer account gets its own password that will expire after 30 days (default). When the password expires, the computer itself will initiate a password change with a DC in its domain.
When the computer starts up, it uses this password to create a secure channel (SC) with a DC. The computer will request to sign all traffic that passes the SC. If a DC says “go ahead”, all traffic that is signed passes through this channel.
Traffic like NTLM pass through authentication is typically signed traffic.
So what happens if there is a mismatch between the computer account password? The computer tries to authenticate, but the DC says this is not the correct password.
The SC is down.
To reset the SC between a computer and a DC:
Open PowerShell on the local computer with the broken SC and run the cmdlet:
Test-ComputerSecureChannel -repair -credential (Get-credential)
Source: Using Windows PowerShell to fix a broken Secure Channel and reset the computer account