UEBA : Potentially Compromised Account

The QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.

Enabled by default: False

Default senseValue: 25

Default senseValueSource: 25

Default senseValueDestination: 25

Description: Detects a scenario in which suspicious activity is followed by exfiltration within 24 hours.

Support rules:
UBA : Initial Access Followed by Suspicious Activity
UBA : Suspicious Activity Followed by Exfiltration

Required configuration: See supported rules

Log source types: See supported rules
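
The sequence in the Description, as an added example that is not QRadar or UEBA app code: it pairs a suspicious-activity event with a later exfiltration event for the same user inside the 24-hour window and adds the default senseValue of 25 per matched sequence. The event tuples, the category labels, the inclusive window boundary and the one-match-per-suspicious-event behaviour are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # "within 24 hours" from the rule description
SENSE_VALUE = 25              # default senseValue listed on this page

# Constructed sample events: (ISO timestamp, username, category).
# The category labels are hypothetical stand-ins for support-rule firings.
SAMPLE_EVENTS = [
    ("2024-05-01T21:30:00", "alice", "exfiltration"),        # logged out of order
    ("2024-05-01T09:00:00", "alice", "suspicious_activity"),  # 12.5 h earlier: match
    ("2024-05-01T10:00:00", "bob", "exfiltration"),           # exfiltration first
    ("2024-05-01T11:00:00", "bob", "suspicious_activity"),    # no match
    ("2024-05-01T08:00:00", "carol", "suspicious_activity"),
    ("2024-05-02T08:00:01", "carol", "exfiltration"),         # 24 h + 1 s: no match
    ("2024-05-03T08:00:00", "dave", "suspicious_activity"),
    ("2024-05-03T09:00:00", "erin", "exfiltration"),          # different user
]

def correlate(events, window=WINDOW):
    """Return {user: [(suspicious_ts, exfil_ts), ...]} for ordered pairs in the window."""
    last_suspicious = {}
    matches = defaultdict(list)
    parsed = sorted((datetime.fromisoformat(t), u, c) for t, u, c in events)
    # Sorting by time means out-of-order log arrival does not change the result.
    for ts, user, category in parsed:
        if category == "suspicious_activity":
            last_suspicious[user] = ts
        elif category == "exfiltration":
            start = last_suspicious.get(user)
            if start is not None and ts - start <= window:
                matches[user].append((start, ts))
                # Assumption: one suspicious event backs at most one match.
                del last_suspicious[user]
    return dict(matches)

def risk_scores(matches, sense_value=SENSE_VALUE):
    """Add sense_value to a user's score once per matched sequence."""
    return {user: sense_value * len(pairs) for user, pairs in matches.items()}

if __name__ == "__main__":
    for user, score in risk_scores(correlate(SAMPLE_EVENTS)).items():
        print(f"{user}: +{score}")
```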