UBA: User Accessing Risky URL
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA: User Accessing Risky URL (previously called X-Force Risky URL)
Enabled by default
This rule detects when a local user is accessing questionable online content.
- X-Force Risky URL
- BB:UBA : Common Event Filters
- Set Enable X-Force Threat Intelligence Feed to Yes in .
- Enable the following rule: X-Force Risky URL.
Log source types
Juniper SRX Series Services Gateway, Microsoft ISA, Pulse Secure Pulse Connect Secure