UEBA : Large Outbound Transfer by High Risk User

The QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.

UEBA : Large Outbound Transfer by High Risk User

Enabled by default

False

Default senseValue

15

Default senseValueSource

15

Default senseValueDestination

15

Description

Detects an outbound transfer of 200,000 bytes or more by a high risk user.

Support rules

BB:UBA : Common Event Filters

Log source types

Log sources that have the CEP Bytes Sent defined.