UBA : Possible Directory Services Enumeration

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Possible Directory Services Enumeration

Enabled by default

False

Default senseValue

5

Description

Detects reconnaissance attempts to Directory Service Enumeration.

Support rule

BB:UBA : Common Event Filters

Required configuration

Add the appropriate values to the following reference set: "UBA : Domain Controller Administrators"

Log source types

Microsoft Windows Security Event Log (EventID: 4661)