UBA : Windows Access with Service or Machine Account

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

Enabled by default

False

Default senseValue

15

Description

Detects any interactive session (RDP, local login) that is initiated by a service or machine account in Windows Server. The accounts to watch are listed in the "UBA : Service, Machine Account" reference set. Edit that reference set to add or remove the accounts that you want flagged in your environment.

Support rules

BB:UBA : Common Event Filters

Required configuration

Add the appropriate values to the following reference sets: "UBA : Service, Machine Account".

Log source types

Microsoft Windows Security Event Log (EventID: 4776)
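
The following is an added example, not IBM's rule implementation or code from the UBA app. It approximates the matching described above in Python: events with EventID 4776 whose account appears in a stand-in for the "UBA : Service, Machine Account" reference set are flagged with the default senseValue. The event field names, account names, and the username normalization are assumptions of this example.

```python
from dataclasses import dataclass

SENSE_VALUE = 15      # default senseValue from the rule page
RULE_EVENT_ID = 4776  # EventID listed under "Log source types"

# Constructed stand-in for the "UBA : Service, Machine Account" reference set.
SERVICE_MACHINE_ACCOUNTS = {"svc_backup", "svc_sql", "web01$"}


def normalize(username: str) -> str:
    """Reduce DOMAIN\\user or user@domain to a lowercase bare account name."""
    name = username.strip()
    if "\\" in name:
        name = name.rsplit("\\", 1)[1]
    if "@" in name:
        name = name.split("@", 1)[0]
    return name.lower()


@dataclass
class Finding:
    username: str
    workstation: str
    sense_value: int


def evaluate(events, reference_set=SERVICE_MACHINE_ACCOUNTS):
    """Return a Finding for each in-scope event whose account is in the set."""
    ref = {normalize(a) for a in reference_set}
    findings = []
    for ev in events:
        if ev.get("event_id") != RULE_EVENT_ID:
            continue  # other event IDs are outside this rule's log source scope
        user = normalize(ev.get("username", ""))
        if user and user in ref:
            findings.append(Finding(user, ev.get("workstation", ""), SENSE_VALUE))
    return findings


# Constructed sample events (field names are assumptions, not QRadar properties).
SAMPLE_EVENTS = [
    {"event_id": 4776, "username": "CORP\\SVC_Backup", "workstation": "JUMP01"},
    {"event_id": 4776, "username": "alice", "workstation": "WKS-114"},
    {"event_id": 4624, "username": "svc_sql", "workstation": "DB02"},
    {"event_id": 4776, "username": "WEB01$", "workstation": "WEB01"},
    {"event_id": 4776, "username": "svc_sql@corp.example", "workstation": "RDP-GW"},
]
```

If the reference set is left empty, nothing matches, which is why the required configuration step matters before enabling the rule.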