UEBA : Multiple VPN Accounts Failed Login From Single IP
The QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.
UEBA : Multiple VPN Accounts Failed Login From Single IP
Enabled by default
False
Default senseValue
5
Default senseValueSource
5
Default senseValueDestination
10f
Description
Detects any VPN account login failures from the "UEBA : Multiple VPN Accounts Failed Login From Single IP" reference set.
Support rules
- UEBA : Populate Multiple VPN Accounts Failed Login From Single IP
- BB:UBA : VPN Login Failed
Required configuration
Enable the following rule: "UEBA : Populate Multiple VPN Accounts Failed Login From Single IP"
Log source types
Cisco Adaptive Security Appliance (ASA)