UBA : Netcat Process Detection (Linux)

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Netcat Process Detection (Linux®)

Enabled by default: False

Default senseValue: 15

Description: Detects a netcat process on a Linux system.

Support rule: BB:UBA : Common Log Source Filters

Required configuration: Enable "Search assets for username, when username is not available for event or flow data" in Admin Settings > UBA Settings.

Log source types: Linux OS (EventID: SYSCALL)
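The following is an added example, not IBM's rule logic or code from the UBA app: a sketch of what matching a netcat process in Linux auditd SYSCALL records can look like. The list of binary names, the use of the `comm` and `exe` fields, and the sample records are assumptions, because this page does not state the rule's test conditions.

```python
import posixpath
import re

# Assumed binary names; the page does not list what the QRadar rule matches.
NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.openbsd", "nc.traditional"}
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def parse_audit_record(line):
    """Split one auditd record into a dict of key=value fields."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        if value.startswith('"'):
            value = value[1:-1]
        elif key in ("comm", "exe") and HEX_RE.fullmatch(value):
            # auditd writes strings with spaces or special bytes as bare hex
            value = bytes.fromhex(value).decode("utf-8", "replace")
        fields[key] = value
    return fields

def detect_netcat(lines):
    """Return one hit per SYSCALL record whose comm or exe names netcat."""
    hits = []
    for line in lines:
        rec = parse_audit_record(line)
        if rec.get("type") != "SYSCALL":
            continue  # PATH, EXECVE and CWD records are not this rule's event
        comm, exe = rec.get("comm", ""), rec.get("exe", "")
        # Exact name match, so "ncdu" or "/usr/bin/sync" do not fire
        if comm in NETCAT_NAMES or posixpath.basename(exe) in NETCAT_NAMES:
            keys = ("pid", "auid", "uid", "comm", "exe")
            hits.append({k: rec.get(k, "") for k in keys})
    return hits

# Constructed sample records (not captured from a real host)
HEX_EXE = "/opt/net tools/ncat".encode().hex().upper()
SAMPLE = [
    'type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=59 success=yes '
    'exit=0 ppid=2210 pid=2244 auid=1000 uid=1000 comm="nc" exe="/usr/bin/nc.openbsd"',
    'type=PATH msg=audit(1700000000.101:501): item=0 name="/usr/bin/nc" inode=131',
    'type=SYSCALL msg=audit(1700000005.220:502): arch=c000003e syscall=59 success=yes '
    'exit=0 ppid=2210 pid=2250 auid=1000 uid=1000 comm="ncdu" exe="/usr/bin/ncdu"',
    'type=SYSCALL msg=audit(1700000009.330:503): arch=c000003e syscall=42 success=yes '
    'exit=0 ppid=1 pid=2301 auid=1001 uid=0 comm="ncat" exe=' + HEX_EXE,
]

if __name__ == "__main__":
    for hit in detect_netcat(SAMPLE):
        print(hit)
```

The `auid` field in each hit is the login UID that audit keeps across `su` and `sudo`, which is the value to map to a user when attributing the event.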