EBA: Excessive Connection Attempts to High Risky Remote Access Ports on events which are detected by the Local system
The QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.
EBA: Excessive Connection Attempts to High Risky Remote Access Ports on events which are detected by the Local system
Enabled by default
True
Default senseValueDestination
5
Default senseValueSource
10
Description
Detects excessive connection attempts to critical remote access and service ports by identifying a source IP generating at least 20 connections to critical service ports within 5 minutes.
Support rules
- BB:UBA : Common Log Source Filters
- BB:UBA : Critical Service Ports
Log source types
Firewall logs, Network Flow (NetFlow), EDR Telemetry