UEBA : User Potentially Phished

The QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.

UEBA : User Potentially Phished

Enabled by default

False

Default senseValue

10

Default senseValueSource

5

Description

Detects 3 or more instances of potential phishing attacks on a single user within an hour. Note: Edit the supported building block to monitor any rules that are appropriate for the environment.

Support rules

Required configuration

See supported rules

Log source types

See supported rules