UEBA : Data Exfiltration by Cloud Services
The QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.
Enabled by default
False
Default senseValue
5
Default senseValueSource
5
Description
Detects users that are uploading files to personal cloud services.
Support rules
- BB:UBA : Common Event Filters
- BB:UBA : File Transfer to Cloud services
Log source types
- Aruba Introspect (EventID: Cloud Exfiltration)
- Fortinet FortiGate Security Gateway (EventID: 16064, 35599, 35977, 35984, 36076, 36115, 36300, 36343, 36350, 36353, 36413, 38668, 38902, 38994, 39287, 39297, 39356, 39474, 39806)