UBA : Detected Activity from a Locked Machine
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
Enabled by default: False
Default senseValue: 10
Description: Detects activity from a locked machine.
Support rules:
  BB:UBA : Common Event Filters
  BB:UBA : Windows Process Created
  BB:UBA : Workstation Locked
  BB:UBA : Workstation Unlocked
Log source types: Microsoft Windows Security Event Log (EventID: 4688, 4800, 4801)
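
The correlation that the support rules and event IDs above suggest, written out as an added example (it is not IBM's rule logic or QRadar code). It assumes the rule condition is a process creation (4688) on a host after a workstation lock (4800) and before the next unlock (4801); the event tuple layout, the function name and the machine-account filter are assumptions of this example, and the sample events are constructed.

```python
from datetime import datetime

LOCKED, UNLOCKED, PROCESS_CREATED = 4800, 4801, 4688

# Constructed sample events (not real logs):
# (timestamp, host, event_id, user, new process name)
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "WS01", 4688, "alice", r"C:\Windows\System32\notepad.exe"),
    ("2024-05-01T12:00:00", "WS01", 4800, "alice", None),
    ("2024-05-01T12:05:00", "WS01", 4688, "WS01$", r"C:\Windows\System32\svchost.exe"),
    ("2024-05-01T12:10:00", "WS01", 4688, "alice", r"C:\Windows\System32\cmd.exe"),
    ("2024-05-01T12:07:00", "WS02", 4688, "bob", r"C:\Windows\System32\calc.exe"),
    ("2024-05-01T13:00:00", "WS01", 4801, "alice", None),
    ("2024-05-01T13:01:00", "WS01", 4688, "alice", r"C:\Windows\System32\mspaint.exe"),
]


def detect_locked_activity(events, ignore_machine_accounts=True):
    """Return 4688 events seen on a host between a 4800 and the next 4801."""
    locked_since = {}  # host -> timestamp of the 4800 that locked it
    findings = []
    # Sort by time so out-of-order delivery does not corrupt the lock state.
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e[0]))
    for ts, host, event_id, user, process in ordered:
        if event_id == LOCKED:
            locked_since[host] = ts
        elif event_id == UNLOCKED:
            locked_since.pop(host, None)
        elif event_id == PROCESS_CREATED and host in locked_since:
            # Assumption: computer accounts (name ends in "$") represent
            # background service activity, which is normal on a locked host.
            if ignore_machine_accounts and user.endswith("$"):
                continue
            findings.append({"host": host, "user": user, "process": process,
                             "time": ts, "locked_at": locked_since[host]})
        # A host with no 4800 on record is treated as unlocked (no finding).
    return findings


if __name__ == "__main__":
    for finding in detect_locked_activity(SAMPLE_EVENTS):
        print(finding)
```

Without the machine-account filter, the svchost.exe event also matches, which shows why a filter stage ahead of the correlation matters for tuning.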