UBA : Netcat Process Detection (Linux)
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
Enabled by default: False
Default senseValue: 15
Description: Detects a netcat process on a Linux system.
Support rule: BB:UBA : Common Log Source Filters
Required configuration: Enable "Search assets for username, when username is not available for event or flow data" in .
Log source types: Linux OS (EventID: SYSCALL)