UBA : Network Traffic : Capture Monitoring and Analysis Program Usage

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Network Traffic : Capture Monitoring and Analysis Program Usage

Enabled by default

False

Default senseValue

15

Description

Indicates that a process is created and that the process name matches one of the binary names listed in the reference set "UBA : Network Capture, Monitoring and Analysis Program Filenames". This reference set lists the binary names of network packet capturing software. It is pre-populated with the filenames of some common network protocol analysis software.

For more information about adding or removing programs for monitoring, see Managing network monitoring tools.

Support rule

BB:UBA : Common Event Filters

Required configuration

Add the appropriate values to the following reference set: UBA : Network Capture Monitoring and Analysis Program Filenames.

Log source types

Microsoft Windows Security Event Log
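
The following is an added sketch, not IBM code or the QRadar rule engine, of the matching that the Description outlines, run over constructed Windows process-creation events. The reference set entries, the use of event ID 4688 with its `NewProcessName` and `SubjectUserName` fields, case-insensitive filename matching, and adding the senseValue once per match are all assumptions of this example.

```python
import ntpath

# Assumed sample entries; the page does not list the shipped reference set
# contents, so these filenames are constructed for illustration.
REFERENCE_SET = {"wireshark.exe", "tshark.exe", "windump.exe"}
SENSE_VALUE = 15                 # default senseValue stated on the page
PROCESS_CREATE_EVENT_ID = 4688   # Windows Security: a new process has been created


def normalize(name):
    """Reduce a Windows path or bare name to a lower-case filename."""
    return ntpath.basename(name.strip().strip('"')).lower()


def evaluate(events, reference_set=REFERENCE_SET):
    """Return (matches, per-user score) for process-creation events whose
    binary filename is in the reference set."""
    wanted = {normalize(n) for n in reference_set}
    matches, score = [], {}
    for ev in events:
        if ev.get("EventID") != PROCESS_CREATE_EVENT_ID:
            continue  # only process creation is considered
        image = ev.get("NewProcessName")
        if not image:
            continue  # no process name to compare
        binary = normalize(image)
        if binary in wanted:
            user = ev.get("SubjectUserName", "unknown").lower()
            matches.append((user, binary))
            score[user] = score.get(user, 0) + SENSE_VALUE
    return matches, score


# Constructed sample events; field names follow Windows event 4688.
SAMPLE_EVENTS = [
    {"EventID": 4688, "SubjectUserName": "alice",
     "NewProcessName": r"C:\Program Files\Wireshark\Wireshark.exe"},
    {"EventID": 4688, "SubjectUserName": "bob",
     "NewProcessName": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 4624, "SubjectUserName": "alice",   # logon, not process creation
     "NewProcessName": r"C:\Tools\tshark.exe"},
    {"EventID": 4688, "SubjectUserName": "Alice",   # renamed binary: no match
     "NewProcessName": r"D:\renamed\mywireshark.exe"},
    {"EventID": 4688, "SubjectUserName": "carol", "NewProcessName": "TSHARK.EXE"},
]

if __name__ == "__main__":
    hits, scores = evaluate(SAMPLE_EVENTS)
    for user, binary in hits:
        print(f"match user={user} binary={binary}")
    print(scores)
```

Because the comparison is on the filename alone, the renamed binary in the fourth sample event is not matched, so coverage depends on keeping the reference set current for the tools in use.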