UBA : Possible Directory Services Enumeration
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Possible Directory Services Enumeration
Enabled by default
False
Default senseValue
5
Description
Detects reconnaissance attempts to Directory Service Enumeration.
Support rule
BB:UBA : Common Event Filters
Required configuration
Add the appropriate values to the following reference set: "UBA : Domain Controller Administrators"
Log source types
Microsoft Windows Security Event Log (EventID: 4661)