UEBA : Large number of denied access events towards external domain

The QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.

UEBA : Large number of denied access events towards external domain

Enabled by default

False

Default senseValue

10

Default senseValueSource

10

Description

Detects when there is an abnormal number of denied access events toward any external domain.

Support rules

BB:UBA : Common Log Source Filters

Required configuration

Enable the "Search assets for username, when username is not available for event or flow data" option in Admin Settings > UBA Settings.

Log source types

Access.Access Denied, Access.ACL Deny, Access.Firewall Deny, Access.IPS Deny