UBA : Kerberos Account Enumeration Detected

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Kerberos Account Enumeration Detected

Enabled by default

False

Default senseValue

10

Description

Detects Kerberos account enumeration by detecting high number of user names being used to make Kerberos requests from same source IP.

Support rule

BB:UBA : Common Event Filters

Log source types

Microsoft Windows Security Event Log (EventID: 4768)