UBA : Kerberos Account Enumeration Detected
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Kerberos Account Enumeration Detected
Enabled by default
False
Default senseValue
10
Description
Detects Kerberos account enumeration by detecting high number of user names being used to make Kerberos requests from same source IP.
Support rule
BB:UBA : Common Event Filters
Log source types
Microsoft Windows Security Event Log (EventID: 4768)