UBA : Non-Admin Access to Domain Controller
The QRadar® User Behavior Analytics (UBA) app supports rule-based use cases for certain behavioral anomalies.
UBA : Non-Admin Access to Domain Controller
Enabled by default
False
Default senseValue
5
Description
Detects attempts by non-administrator accounts to access a domain controller.
Support rules
- BB:UBA: Common Event Filters
- BB:CategoryDefinition: Authentication Success
- BB:CategoryDefinition: Authentication Failures
Required configuration
Add the appropriate values to the following reference sets: "UBA: Domain Controllers" and "UBA: Domain Controller Administrators"
Log source types
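The following is an added illustration, not IBM's own rule logic: a minimal model of how the rule combines the two reference sets named above with the authentication building blocks, and adds the default senseValue to a user's risk score per match. The host names, account names and events are constructed samples.

```python
# Added illustration, not IBM QRadar code: a minimal model of the
# "Non-Admin Access to Domain Controller" rule. Reference-set names
# match the page; hosts, accounts and events are constructed samples.
from typing import Dict, List

# Constructed values an analyst would load into the two reference sets.
REF_SETS = {
    "UBA: Domain Controllers": {"dc01.corp.example", "dc02.corp.example"},
    "UBA: Domain Controller Administrators": {"CORP\\domadmin", "svc_adjoin"},
}
SENSE_VALUE = 5  # default senseValue stated on the page

def normalize_user(raw: str) -> str:
    """Strip DOMAIN\\ and @realm qualifiers and lower-case the account name."""
    return raw.rsplit("\\", 1)[-1].split("@", 1)[0].strip().lower()

def is_auth_event(event: dict) -> bool:
    """Stand-in for the Authentication Success / Failure building blocks."""
    return event.get("category") in ("Authentication Success", "Authentication Failure")

def non_admin_dc_access(events: List[dict]) -> List[dict]:
    """Return auth events where a non-administrator account hit a domain controller."""
    dcs = {h.lower() for h in REF_SETS["UBA: Domain Controllers"]}
    admins = {normalize_user(a) for a in REF_SETS["UBA: Domain Controller Administrators"]}
    hits = []
    for ev in events:
        on_dc = ev.get("destination", "").lower() in dcs
        is_admin = normalize_user(ev.get("username", "")) in admins
        if is_auth_event(ev) and on_dc and not is_admin:
            hits.append(ev)
    return hits

def risk_by_user(hits: List[dict]) -> Dict[str, int]:
    """Add senseValue per matching event to each user's running risk score."""
    scores: Dict[str, int] = {}
    for ev in hits:
        user = normalize_user(ev["username"])
        scores[user] = scores.get(user, 0) + SENSE_VALUE
    return scores

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"username": "CORP\\domadmin", "destination": "DC01.corp.example", "category": "Authentication Success"},
    {"username": "jdoe@corp.example", "destination": "dc01.corp.example", "category": "Authentication Failure"},
    {"username": "jdoe", "destination": "dc02.corp.example", "category": "Authentication Success"},
    {"username": "jdoe", "destination": "files.corp.example", "category": "Authentication Success"},
    {"username": "backup", "destination": "dc02.corp.example", "category": "Object Access"},
]
```

Only the two jdoe authentication events against dc01/dc02 match; the administrator, the file-server logon and the non-authentication event are filtered out. Matching is case-insensitive on host and account, so mixed-case values loaded into the reference sets still match.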
APC UPS, AhnLab Policy Center APC, Amazon AWS CloudTrail, Apache HTTP Server, Application Security DbProtect, Arpeggio SIFT-IT, Array Networks SSL VPN Access Gateway, Aruba ClearPass Policy Manager, Aruba Mobility Controller, Avaya VPN Gateway, Barracuda Spam & Virus Firewall, Barracuda Web Application Firewall, Barracuda Web Filter, Bit9 Security Platform, Box, Bridgewater Systems AAA Service Controller, Brocade FabricOS, CA ACF2, CA SiteMinder, CA Top Secret, CRE System, CRYPTOCard CRYPTOShield, Carbon Black Protection, Centrify Server Suite, Check Point, Cilasoft QJRN/400, Cisco ACS, Cisco Adaptive Security Appliance (ASA), Cisco Aironet, Cisco CSA, Cisco Call Manager, Cisco CatOS for Catalyst Switches, Cisco Firewall Services Module (FWSM), Cisco IOS, Cisco Identity Services Engine, Cisco Intrusion Prevention System (IPS), Cisco IronPort, Cisco NAC Appliance, Cisco Nexus, Cisco PIX Firewall, Cisco VPN 3000 Series Concentrator, Cisco Wireless LAN Controllers, Cisco Wireless Services Module (WiSM), Citrix Access Gateway, Citrix NetScaler, CloudPassage Halo, Configurable Authentication message filter, CorreLog Agent for IBM zOS, CrowdStrike Falcon Host, Custom Rule Engine, CyberArk Vault, DCN DCS/DCRS Series, EMC VMWare, ESET Remote Administrator, Enterasys Matrix K/N/S Series Switch, Enterasys XSR Security Router, Enterprise-IT-Security.com SF-Sherlock, Epic SIEM, Event CRE Injected, Extreme 800-Series Switch, Extreme Dragon Network IPS, Extreme HiPath, Extreme Matrix E1 Switch, Extreme Networks ExtremeWare Operating System (OS), Extreme Stackable and Standalone Switches, F5 Networks BIG-IP APM, F5 Networks BIG-IP LTM, F5 Networks FirePass, Flow Classification Engine, ForeScout CounterACT, Fortinet FortiGate Security Gateway, Foundry FastIron, FreeRADIUS, H3C Comware Platform, HBGary Active Defense, HP Network Automation, HP Tandem, Huawei AR Series Router, Huawei S Series Switch, HyTrust CloudControl, IBM AIX Audit, IBM AIX Server, IBM BigFix, IBM DB2, IBM DataPower, IBM Fiberlink MaaS360, IBM IMS, IBM Lotus Domino, IBM Proventia Network Intrusion Prevention System (IPS), IBM QRadar Network Security XGS, IBM Resource Access Control Facility (RACF), IBM Security Access Manager for Enterprise Single Sign-On, IBM Security Access Manager for Mobile, IBM Security Identity Governance, IBM Security Identity Manager, IBM SmartCloud Orchestrator, IBM Tivoli Access Manager for e-business, IBM WebSphere Application Server, IBM i, IBM z/OS, IBM zSecure Alert, Illumio Adaptive Security Platform, Imperva SecureSphere, Itron Smart Meter, Juniper Junos OS Platform, Juniper MX Series Ethernet Services Router, Juniper Networks Firewall and VPN, Juniper Networks Intrusion Detection and Prevention (IDP), Juniper Networks Network and Security Manager, Juniper Steel-Belted Radius, Juniper WirelessLAN, Kaspersky Security Center, Lieberman Random Password Manager, Linux OS, Mac OS X, McAfee Application/Change Control, McAfee Firewall Enterprise, McAfee IntruShield Network IPS Appliance, McAfee ePolicy Orchestrator, Metainfo MetaIP, Microsoft DHCP Server, Microsoft Exchange Server, Microsoft IAS Server, Microsoft IIS, Microsoft ISA, Microsoft Office 365, Microsoft Operations Manager, Microsoft SCOM, Microsoft SQL Server, Microsoft Windows Security Event Log, Motorola SymbolAP, NCC Group DDos Secure, Netskope Active, Niara, Nortel Application Switch, Nortel Contivity VPN Switch, Nortel Contivity VPN Switch (obsolete), Nortel Ethernet Routing Switch 2500/4500/5500, Nortel Ethernet Routing Switch 8300/8600, Nortel Multiprotocol Router, Nortel Secure Network Access Switch (SNAS), Nortel Secure Router, Nortel VPN Gateway, Novell eDirectory, OS Services Qidmap, OSSEC, ObserveIT, Okta, OpenBSD OS, Oracle Acme Packet SBC, Oracle Audit Vault, Oracle BEA WebLogic, Oracle Database Listener, Oracle Enterprise Manager, Oracle RDBMS Audit Record, Oracle RDBMS OS Audit Record, PGP Universal Server, Palo Alto Endpoint Security Manager, Palo Alto PA Series, Pirean Access: One, ProFTPD Server, Proofpoint Enterprise Protection/Enterprise Privacy, Pulse Secure Pulse Connect Secure, RSA Authentication Manager, Radware AppWall, Radware DefensePro, Redback ASE, Riverbed SteelCentral NetProfiler Audit, SIM Audit, SSH CryptoAuditor, STEALTHbits StealthINTERCEPT, SafeNet DataSecure/KeySecure, Salesforce Security Auditing, Salesforce Security Monitoring, Sentrigo Hedgehog, Skyhigh Networks Cloud Security Platform, Snort Open Source IDS, Solaris BSM, Solaris Operating System Authentication Messages, Solaris Operating System Sendmail Logs, SonicWALL SonicOS, Sophos Astaro Security Gateway, Squid Web Proxy, Starent Networks Home Agent (HA), Stonesoft Management Center, Sybase ASE, Symantec Endpoint Protection, TippingPoint Intrusion Prevention System (IPS), TippingPoint X Series Appliances, Trend Micro Deep Discovery Email Inspector, Trend Micro Deep Security, Tripwire Enterprise, Tropos Control, Universal DSM, VMware vCloud Director, VMware vShield, Venustech Venusense Security Platform, Verdasys Digital Guardian, Vormetric Data Security, WatchGuard Fireware OS, genua genugate, iT-CUBE agileSI