UBA : Pass the Hash
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Pass the Hash
Enabled by default
False
Default senseValue
15
Description
Detects Windows logon events that are possibly generated during pass the hash exploits.
Support rule
BB:UBA : Common Event Filters
Required configuration:
Add the appropriate values to the following reference set: UBA : Trusted Domains.
Log source types
Microsoft Windows Security Event Logs (EventID: 4624)