UBA : Replication Request from a Non-Domain Controller

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Replication Request from a Non-Domain Controller

Enabled by default

False

Default senseValue

5

Description

Detects replication requests from an illegitimate Domain Controller

Support rules

BB:UBA : Common Event Filters

Required configuration

Add the appropriate values to the following reference set: "UBA : Domain Controller Administrators".

Log source types

Microsoft Windows Security Event Log (EventID: 4662)