Authentication Activity

The Authentication Activity model monitors a user's activity in the Authentication high-level category and builds a learned behavioral model for each hour of the day.

Enable the Authentication Activity machine learning model to display the user's activity in the Authentication high-level category on the User Details page. If the user's Authentication activity deviates from the learned behavior, it is considered suspicious and a sense event is generated to increase the user's risk score.
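The following is an added illustration of the detection idea described above (a per-hour-of-day baseline, a deviation check, and a sense event that raises the risk score). It is not IBM's code and the QRadar UBA model's actual algorithm is not published on this page; the mean/standard-deviation baseline, the z-score threshold `Z_THRESHOLD`, the `MIN_STDEV` floor, the user `alice` and the 14 days of hourly authentication counts are all constructed assumptions. Only the event name and the sense value of 5 come from the page.

```python
"""Illustrative hour-of-day baseline for authentication activity.

Added example, not IBM's code. Assumes a simple per-(user, hour) mean and
standard deviation of authentication event counts and a z-score threshold;
the real QRadar UBA model may work differently.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev

EVENT_NAME = "UBA: Abnormal Increase in Authentication Activity"  # from the page
SENSE_VALUE = 5      # sense value from the page
Z_THRESHOLD = 3.0    # assumed deviation threshold (not from the page)
MIN_STDEV = 1.0      # assumed floor so a flat baseline still needs a real jump


def constructed_history(user="alice", days=14):
    """Constructed training data: (user, hour_of_day, auth event count).

    A typical office user authenticates a few times per working hour and
    almost never at night.
    """
    rows = []
    for day in range(days):
        for hour in range(24):
            if 8 <= hour <= 18:
                count = 3 + (day + hour) % 3          # 3..5 logons per working hour
            else:
                count = 0 if (day + hour) % 4 else 1  # occasional off-hours logon
            rows.append((user, hour, count))
    return rows


@dataclass
class HourlyBaseline:
    """Learned behaviour per (user, hour): the observed event counts."""
    samples: dict = field(default_factory=lambda: defaultdict(list))

    def learn(self, rows):
        for user, hour, count in rows:
            self.samples[(user, hour)].append(count)
        return self

    def stats(self, user, hour):
        """Mean and (floored) standard deviation for this user and hour."""
        xs = self.samples.get((user, hour), [0])
        return mean(xs), max(pstdev(xs), MIN_STDEV)


@dataclass
class SenseEvent:
    user: str
    name: str
    sense_value: int
    hour: int
    observed: int
    expected: float


def evaluate(baseline, user, hour, observed):
    """Return a SenseEvent if the observed count for this hour is an abnormal
    increase over the learned baseline, otherwise None. Only increases are
    flagged, matching the event name on the page."""
    mu, sigma = baseline.stats(user, hour)
    z = (observed - mu) / sigma
    if z > Z_THRESHOLD:
        return SenseEvent(user, EVENT_NAME, SENSE_VALUE, hour, observed, mu)
    return None


def apply_to_risk_score(risk_score, event):
    """A generated sense event adds its sense value to the user's risk score."""
    return risk_score + (event.sense_value if event else 0)


if __name__ == "__main__":
    baseline = HourlyBaseline().learn(constructed_history())
    # 25 logons at 03:00 is far above the learned night-time baseline.
    ev = evaluate(baseline, "alice", 3, 25)
    print(ev, apply_to_risk_score(0, ev))
    # 4 logons at 10:00 is ordinary working-hour behaviour.
    print(evaluate(baseline, "alice", 10, 4))
```

Two points the page implies and the example makes concrete: the baseline is learned per hour of day, so the same count can be normal at 10:00 and anomalous at 03:00; and a decrease in activity is never flagged, because the event is an abnormal increase.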

Event name

UBA: Abnormal Increase in Authentication Activity

Sense value

5

Required configuration

The system is monitoring events that have the QRadar® Authentication high-level category.

Log source types

3Com Switch 8800 Series, APC UPS, AhnLab Policy Center APC, Amazon AWS CloudTrail, Apache HTTP Server, Application Security DbProtect, Arbor Networks Pravail, Arpeggio SIFT-IT, Array Networks SSL VPN Access Gateways, Aruba ClearPass Policy Manager, Aruba Introspect, Aruba Mobility Controller, Avaya VPN Gateway, Barracuda Spam & Virus Firewall, Barracuda Web Application Firewall, Barracuda Web Filter, Bit9 Security Platform, Box, Bridgewater Systems AAA Service Controller, Brocade FabricOS, CA ACF2, CA SiteMinder, CA Top Secret, CRE System, CRYPTOCard CRYPTOShield, Carbon Black Protection, Centrify Identity Platform, Centrify Infrastructure Services, Check Point, Cilasoft QJRN/400, Cisco ACS, Cisco Adaptive Security Appliance (ASA), Cisco Aironet, Cisco CSA, Cisco Call Manager, Cisco CatOS for Catalyst Switches, Cisco FireSIGHT Management Center, Cisco Firewall Services Module (FWSM), Cisco IOS, Cisco Identity Services Engine, Cisco Intrusion Prevention System (IPS), Cisco IronPort, Cisco NAC Appliance, Cisco Nexus, Cisco PIX Firewall, Cisco VPN 3000 Series Concentrator, Cisco Wireless LAN Controllers, Cisco Wireless Services Module (WiSM), Citrix Access Gateway, Citrix NetScaler, CloudPassage Halo, Cloudera Navigator, Configurable Authentication message filter, CorreLog Agent for IBM® zOS, CrowdStrike Falcon Host, Custom Rule Engine, Cyber-Ark Vault, CyberGuard TSP Firewall/VPN, DCN DCS/DCRS Series, DG Technology MEAS, EMC VMWare, ESET Remote Administrator, Enterprise-IT-Security.com SF-Sherlock, Epic SIEM, Event CRE Injected, Extreme 800-Series Switch, Extreme Dragon Network IPS, Extreme HiPath, Extreme Matrix E1 Switch, Extreme Matrix K/N/S Series Switch, Extreme NAC, Extreme NetsightASM, Extreme Networks ExtremeWare Operating System (OS), Extreme Stackable and Standalone Switches, Extreme XSR Security Routers, F5 Networks BIG-IP APM, F5 Networks BIG-IP ASM, F5 Networks BIG-IP LTM, F5 Networks FirePass, FireEye, Flow Classification Engine, Forcepoint Sidewinder, ForeScout CounterACT, Fortinet FortiGate Security Gateway, Foundry Fastiron, FreeRADIUS, H3C Comware Platform, HBGary Active Defense, HP Network Automation, HP ProCurve, HP Tandem, Huawei AR Series Router, Huawei S Series Switch, HyTrust CloudControl, IBM AIX® Audit, IBM AIX Server, IBM BigFix, IBM Bluemix Platform, IBM DB2®, IBM DataPower®, IBM Fiberlink® MaaS360®, IBM Guardium®, IBM IMS, IBM Lotus Domino, IBM Proventia Network Intrusion Prevention System (IPS), IBM QRadar Network Security XGS, IBM Resource Access Control Facility (RACF®), IBM Security® Access Manager for Enterprise Single Sign-On, IBM Security Access Manager for Mobile, IBM Security Directory Server, IBM Security Identity Governance, IBM Security Identity Manager, IBM SmartCloud® Orchestrator, IBM Tivoli® Access Manager for e-business, IBM WebSphere® Application Server, IBM i, IBM z/OS®, IBM zSecure Alert, ISC BIND, Illumio Adaptive Security Platform, Imperva SecureSphere, Infoblox NIOS, Itron Smart Meter, Juniper Junos OS Platform, Juniper Junos WebApp Secure, Juniper MX Series Ethernet Services Router, Juniper Networks Firewall and VPN, Juniper Networks Intrusion Detection and Prevention (IDP), Juniper Networks Network and Security Manager, Juniper Steel-Belted Radius, Juniper WirelessLAN, Kaspersky Security Center, Lieberman Random Password Manager, LightCyber Magna, Linux® OS, Mac OS X, McAfee Application/Change Control, McAfee Network Security Platform, McAfee ePolicy Orchestrator, Metainfo MetaIP, Microsoft Azure, Microsoft DHCP Server, Microsoft Exchange Server, Microsoft Hyper-V, Microsoft IAS Server, Microsoft IIS, Microsoft ISA, Microsoft Office 365, Microsoft Operations Manager, Microsoft SCOM, Microsoft SQL Server, Microsoft SharePoint, Microsoft Windows Security Event Log, Motorola SymbolAP, NCC Group DDos Secure, Netskope Active, Nortel Application Switch, Nortel Contivity VPN Switch, Nortel Contivity VPN Switch (obsolete), Nortel Ethernet Routing Switch 2500/4500/5500, Nortel Ethernet Routing Switch 8300/8600, Nortel Multiprotocol Router, Nortel Secure Network Access Switch (SNAS), Nortel Secure Router, Nortel VPN Gateway, Novell eDirectory, OS Services Qidmap, OSSEC, ObserveIT, Okta, Open LDAP Software, OpenBSD OS, Oracle Acme Packet SBC, Oracle Audit Vault, Oracle BEA WebLogic, Oracle Database Listener, Oracle Enterprise Manager, Oracle RDBMS Audit Record, Oracle RDBMS OS Audit Record, Palo Alto Endpoint Security Manager, Palo Alto PA Series, Pirean Access: One, PostFix MailTransferAgent, ProFTPD Server, Proofpoint Enterprise Protection/Enterprise Privacy, Pulse Secure Pulse Connect Secure, RSA Authentication Manager, Radware AppWall, Radware DefensePro, Redback ASE, Riverbed SteelCentral NetProfiler Audit, SIM Audit, SSH CryptoAuditor, STEALTHbits StealthINTERCEPT, SafeNet DataSecure/KeySecure, Salesforce Security Auditing, Salesforce Security Monitoring, Sentrigo Hedgehog, Skyhigh Networks Cloud Security Platform, Snort Open Source IDS, Solaris BSM, Solaris Operating System Authentication Messages, Solaris Operating System Sendmail Logs, SonicWALL SonicOS, Sophos Astaro Security Gateway, Squid Web Proxy, Starent Networks Home Agent (HA), Stonesoft Management Center, Sybase ASE, Symantec Encryption Management Server, Symantec Endpoint Protection, ThreatGRID Malware Threat Intelligence Platform, TippingPoint Intrusion Prevention System (IPS), TippingPoint X Series Appliances, Top Layer IPS, Trend Micro Deep Discovery Email Inspector, Trend Micro Deep Discovery Inspector, Trend Micro Deep Security, Tripwire Enterprise, Tropos Control, Universal DSM, VMware vCloud Director, VMware vShield, Vectra Networks Vectra, Venustech Venusense Security Platform, Verdasys Digital Guardian, Vormetric Data Security, WatchGuard Fireware OS, genua genugate, iT-CUBE agileSI