UBA : Potential Access to Tunneling Domain

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

Enabled by default


Default senseValue



Detects events that indicate the user potentially accessed a tunneling domain. Requires the IBM DNS Analyzer app.

Required configuration

Before enabling this rule, you must install the IBM QRadar DNS Analyzer app. For more information, see IBM QRadar DNS Analyzer.

Support rule

BB:UBA : DNS Common Filter

Log source types

IBM QRadar DNS Analyzer