Internal Destination Ports by Peer Group
The Internal Destination Ports by Peer Group model determines if a user's access to internal destination ports is significantly different from that user's defined group. If the user's access is deemed suspicious, a Sense Event is generated to increase the user's risk score.
Event name
UBA : Abnormal usage of internal destination port for peer group
sensevalue
5
Required configuration
Select a group from the group by field, such as job title, department, or custom group in order to enable the model. Groups are defined in the user import tuning configuration originating from the user import data. For more information, see Tuning user import configurations.
Configure the Network Hierarchy to help with the accuracy of determining internal destination ports.
Log source types
All events that have a defined username and local destination port.