UBA : Replication Request from a Non-Domain Controller
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Replication Request from a Non-Domain Controller
Enabled by default
False
Default senseValue
5
Description
Detects replication requests from an illegitimate Domain Controller
Support rules
BB:UBA : Common Event Filters
Required configuration
Add the appropriate values to the following reference set: "UBA : Domain Controller Administrators".
Log source types
Microsoft Windows Security Event Log (EventID: 4662)