UBA : DPAPI Backup Master Key Recovery Attempted

The QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.

Enabled by default

False

Detects when recovery is attempted for a DPAPI Master Key.

BB:UBA : Common Event Filters

Microsoft Windows Security Event Log (EventID: 4693)