UBA : ShellBags Modified By Ransomware

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

Enabled by default

False

Default senseValue

10

Description

Detects ShellBag registry modifications that indicate typical malware or ransomware behavior.

Support rules

BB:UBA : Common Event Filters

Log source types

Microsoft Windows Security Event Logs (EventID: 4657)