UBA : ShellBags Modified By Ransomware
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
Enabled by default: False
Default senseValue: 10
Description: Detects ShellBag registry modifications that indicate typical malware or ransomware behavior.
Support rules: BB:UBA : Common Event Filters
Log source types: Microsoft Windows Security Event Logs (EventID: 4657)