UBA : Multiple Kerberos Authentication Failures from Same User
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Multiple Kerberos Authentication Failures from Same User
Enabled by default
False
Default senseValue
15
Description
Detects multiple Kerberos authentication ticket rejections or failures.
Support rules
- BB:UBA : Common Log Source Filters
- BB:UBA : Kerberos Authentication Failures
Required configuration
Enable Search assets for username, when username is not available for event or flow data in .
Log source types
Microsoft Windows Security Event Log (EventID: 4768, 4771)