UBA : Possible SMB Session Enumeration on a Domain Controller
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
Enabled by default
False
Default senseValue
10
Description
Detects attempts at SMB enumeration against a domain controller.
Support rule
BB:UBA : Common Event Filters
Required configuration
Add the appropriate values to the following reference sets:
- UBA : Domain Controllers
- UBA : Domain Controller Administrators
Log source types
Microsoft Windows Security Event Log (EventID: 5140)
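The sketch below shows how the two reference sets gate a match on Event ID 5140. It is an added example, not IBM's rule definition. It assumes the rule matches 5140 events logged by a host in UBA : Domain Controllers for an account that is not in UBA : Domain Controller Administrators, and that each match adds the senseValue to that user's score; the host names, accounts and events are constructed.

```python
# Added illustration, not IBM's rule definition. The matching logic is an assumption.
EVENT_ID = 5140      # Windows Security: "A network share object was accessed"
SENSE_VALUE = 10     # "Default senseValue" from this page

# Constructed stand-ins for the two reference sets the page says to populate.
DOMAIN_CONTROLLERS = {"dc01.example.test", "dc02.example.test"}
DC_ADMINISTRATORS = {"adm-jlee", "svc-backup"}

# Constructed, already-parsed events: logging host, account, share name.
SAMPLE_EVENTS = [
    {"event_id": 5140, "computer": "DC01.example.test", "user": "adm-jlee", "share": r"\\*\IPC$"},
    {"event_id": 5140, "computer": "dc01.example.test", "user": "jsmith", "share": r"\\*\IPC$"},
    {"event_id": 5140, "computer": "dc02.example.test", "user": "JSmith", "share": r"\\*\IPC$"},
    {"event_id": 5140, "computer": "fs01.example.test", "user": "jsmith", "share": r"\\*\Finance"},
    {"event_id": 4624, "computer": "dc01.example.test", "user": "bob", "share": ""},
    {"event_id": 5140, "computer": "dc02.example.test", "user": "SVC-Backup", "share": r"\\*\SYSVOL"},
]


def score_users(events, domain_controllers, dc_admins, sense_value=SENSE_VALUE):
    """Return {user: accumulated score} for 5140 events on a listed DC
    raised by an account that is not a listed DC administrator."""
    dcs = {h.lower() for h in domain_controllers}
    admins = {u.lower() for u in dc_admins}
    scores = {}
    for ev in events:
        if ev.get("event_id") != EVENT_ID:
            continue                      # other event IDs are out of scope
        if ev.get("computer", "").lower() not in dcs:
            continue                      # host not in "UBA : Domain Controllers"
        user = ev.get("user", "").lower()
        if not user or user in admins:
            continue                      # expected admin activity is excluded
        scores[user] = scores.get(user, 0) + sense_value
    return scores


if __name__ == "__main__":
    # Both sets populated: only the non-admin account on the DCs is scored.
    print(score_users(SAMPLE_EVENTS, DOMAIN_CONTROLLERS, DC_ADMINISTRATORS))
    # Empty "Domain Controllers" set: no host qualifies, so nothing is scored.
    print(score_users(SAMPLE_EVENTS, set(), DC_ADMINISTRATORS))
    # Empty "Domain Controller Administrators" set: admin accounts are scored too.
    print(score_users(SAMPLE_EVENTS, DOMAIN_CONTROLLERS, set()))
```

Under these assumptions, an unpopulated Domain Controllers set leaves the rule silent, while an unpopulated administrators set scores routine admin activity alongside everything else.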