UBA : Windows Access with Service or Machine Account
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
Enabled by default: False
Default senseValue: 15
Description: Detects any interactive session (RDP, local login) that is initiated by a service or machine account in Windows Server. Accounts are listed in the UBA : Service, Machine Account reference set. Edit the list to add or remove any accounts to flag from your environment.
Support rules: BB:UBA : Common Event Filters
Required configuration: Add the appropriate values to the following reference sets: "UBA : Service, Machine Account".
Log source types: Microsoft Windows Security Event Log (EventID: 4776)
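The matching this rule describes, sketched as an added example (not IBM's rule code or QRadar's implementation): events with EventID 4776 whose account appears in the reference set produce a match and add the senseValue to that account's total. The event field names, the name normalization, the per-account summing and the sample accounts are assumptions made for the illustration; the BB:UBA : Common Event Filters support rule is not modeled.

```python
SENSE_VALUE = 15        # default senseValue stated on the page
RULE_EVENT_ID = 4776    # EventID the page lists for this rule


def normalize(account):
    """Reduce DOMAIN\\user, user@domain and mixed case to one comparable name."""
    name = account.strip()
    if "\\" in name:
        name = name.rsplit("\\", 1)[1]   # drop a leading DOMAIN\ prefix
    if "@" in name:
        name = name.split("@", 1)[0]     # drop a trailing @domain suffix
    return name.lower()


def evaluate(events, reference_set):
    """Return (matches, risk); risk maps account -> summed senseValue."""
    watched = {normalize(a) for a in reference_set}
    matches, risk = [], {}
    for ev in events:
        if ev.get("event_id") != RULE_EVENT_ID:
            continue                      # other event IDs are out of scope
        user = normalize(ev.get("username", ""))
        if user in watched:
            matches.append((ev["time"], user, ev.get("workstation", "")))
            risk[user] = risk.get(user, 0) + SENSE_VALUE
    return matches, risk


# Constructed sample data: stand-ins for the reference set and parsed events.
REFERENCE_SET = ["svc_backup", "APP01$"]
EVENTS = [
    {"time": "2024-05-01T09:00:00Z", "event_id": 4776, "username": "CORP\\svc_backup", "workstation": "WS-17"},
    {"time": "2024-05-01T09:02:00Z", "event_id": 4776, "username": "alice", "workstation": "WS-03"},
    {"time": "2024-05-01T09:03:00Z", "event_id": 4624, "username": "svc_backup", "workstation": "WS-17"},
    {"time": "2024-05-01T09:05:00Z", "event_id": 4776, "username": "app01$", "workstation": "WS-22"},
    {"time": "2024-05-01T09:09:00Z", "event_id": 4776, "username": "svc_backup@corp.example", "workstation": "WS-17"},
]

if __name__ == "__main__":
    matches, risk = evaluate(EVENTS, REFERENCE_SET)
    for match in matches:
        print(match)
    print(risk)
```

Without the normalization step, the same service account logged as `CORP\svc_backup` or `svc_backup@corp.example` would not match a reference set entry stored as `svc_backup`, so check which form your Windows events actually carry before populating the set.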