UEBA : Kerberos Account Enumeration Detected

The QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.

Enabled by default

False

Detects Kerberos account enumeration by detecting high number of user names being used to make Kerberos requests from same source IP.

BB:UBA : Common Event Filters

Microsoft Windows Security Event Log (EventID: 4768)