UBA : Ransomware Behavior Detected

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Ransomware Behavior Detected

Enabled by default

False

Default senseValue

15

Description

Detects behavior that is typically seen during a ransomware infection.

Support rule

BB:UBA : Common Event Filters

Required configuration

Add the appropriate values to the following reference set: "UBA : Windows Common Processes".

Log source types

Microsoft Windows Security Event Logs (EventID: 4663)