UEBA : Ransomware Behavior Detected

The QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.

UEBA : Ransomware Behavior Detected

Enabled by default

False

Default senseValue

15

Default senseValueSource

10

Default senseValueDestination

10

Description

Detects behavior that is typically seen during a ransomware infection.

Support rule

BB:UBA : Common Event Filters

Required configuration

Add the appropriate values to the following reference set: "UBA : Windows Common Processes".

Log source types

Microsoft Windows Security Event Logs (EventID: 4663)