UBA : Potential Lateral Movement

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

Enabled by default

True

Default senseValue

25

Description

Detection of potential lateral movement based on machine learning analysis of internal destination IP address, port, and network zone usage.

Required configuration

Install Machine Learning and enable the Lateral Movement models.

Log source types

IBM Sense (EventID: internal asset usage, internal destination port, network zones, new internal asset, new internal destination port, new network zone)