UBA : Potential Lateral Movement
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
Enabled by default: True
Default senseValue: 25
Description: Detection of potential lateral movement based on machine learning analysis of internal destination IP address, port, and network zone usage.
Required configuration: Install Machine Learning and enable the Lateral Movement models.
Log source types: IBM Sense (EventID: internal asset usage, internal destination port, network zones, new internal asset, new internal destination port, new network zone)