UBA : Network Traffic : Capture Monitoring and Analysis Program Usage
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
Enabled by default
False
Default senseValue
15
Description
Indicates that a process was created and that its name matches one of the binary names listed in the reference set "UBA : Network Capture, Monitoring and Analysis Program Filenames". This reference set lists the binary names of network packet capturing software and is pre-populated with the filenames of some common network protocol analysis programs.
For more information about adding or removing programs for monitoring, see Managing network monitoring tools.
Support rule
BB:UBA : Common Event Filters
Required configuration
Add the appropriate values to the following reference set: UBA : Network Capture Monitoring and Analysis Program Filenames.
Log source types
Microsoft Windows Security Event Log
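The matching logic in the description can be sketched as follows. This is an added illustration, not QRadar or UBA code: the filenames in the set, the sample events, the field names, the use of Windows process-creation event 4688, case-insensitive matching, and the per-user summing of the senseValue are all assumptions made for the example.

```python
import ntpath

# Assumed reference-set contents for illustration; not the set shipped with UBA.
CAPTURE_TOOL_FILENAMES = {"wireshark.exe", "tshark.exe", "dumpcap.exe", "windump.exe"}
SENSE_VALUE = 15  # default senseValue stated for this rule

# Constructed, already-parsed Windows Security events (4688 = process creation).
SAMPLE_EVENTS = [
    {"EventID": 4688, "SubjectUserName": "alice",
     "NewProcessName": r"C:\Program Files\Wireshark\Wireshark.exe"},
    {"EventID": 4688, "SubjectUserName": "bob",
     "NewProcessName": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 4688, "SubjectUserName": "alice",
     "NewProcessName": r"C:\Users\alice\Downloads\TSHARK.EXE"},
    {"EventID": 4624, "SubjectUserName": "carol", "NewProcessName": ""},
    # Exact filename match only: a ".bak" suffix is a different name.
    {"EventID": 4688, "SubjectUserName": "dave",
     "NewProcessName": r"C:\Tools\wireshark.exe.bak"},
]


def process_filename(path):
    """Return the lower-cased binary name from a Windows path."""
    return ntpath.basename(path.strip().strip('"')).lower()


def match_event(event, filenames=CAPTURE_TOOL_FILENAMES):
    """True when the event is a process creation whose binary name is in the set."""
    if event.get("EventID") != 4688:
        return False
    name = process_filename(event.get("NewProcessName", ""))
    return bool(name) and name in filenames


def score_users(events, filenames=CAPTURE_TOOL_FILENAMES):
    """Add the sense value to a user's total for every matching event."""
    scores = {}
    for ev in events:
        if match_event(ev, filenames):
            user = ev.get("SubjectUserName", "unknown")
            scores[user] = scores.get(user, 0) + SENSE_VALUE
    return scores


if __name__ == "__main__":
    for user, score in score_users(SAMPLE_EVENTS).items():
        print(f"{user}: +{score}")
```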