UBA : Ransomware Behavior Detected
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Ransomware Behavior Detected
Enabled by default
False
Default senseValue
15
Description
Detects behavior that is typically seen during a ransomware infection.
Support rule
BB:UBA : Common Event Filters
Required configuration
Add the appropriate values to the following reference set: "UBA : Windows Common Processes".
Log source types
Microsoft Windows Security Event Logs (EventID: 4663)