UBA : Potential Access to Tunneling Domain
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Potential Access to Tunneling Domain
Enabled by default
False
Default senseValue
5
Description
Detects events that indicate the user potentially accessed a tunneling domain. Requires the IBM DNS Analyzer app.Required configuration
Before enabling this rule, you must install the IBM QRadar DNS Analyzer app. For more information, see IBM QRadar DNS Analyzer.
Support rule
BB:UBA : DNS Common Filter
Log source types
IBM QRadar DNS Analyzer