UEBA : Multiple VPN Accounts Failed Login From Single IP

The QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.

UEBA : Multiple VPN Accounts Failed Login From Single IP

Enabled by default

False

Default senseValue

5

Default senseValueSource

5

Default senseValueDestination

10f

Description

Detects any VPN account login failures from the "UEBA : Multiple VPN Accounts Failed Login From Single IP" reference set.

Support rules

  • UEBA : Populate Multiple VPN Accounts Failed Login From Single IP
  • BB:UBA : VPN Login Failed

Required configuration

Enable the following rule: "UEBA : Populate Multiple VPN Accounts Failed Login From Single IP"

Log source types

Cisco Adaptive Security Appliance (ASA)