UBA : AWS Console Accessed by Unauthorized User

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : AWS Console Accessed by Unauthorized User

Enabled by default

False

Default senseValue

10

Description

Detects an unauthorized attempt to access the Amazon Web Services (AWS) console by a user that is outside the authorized list in the 'AWS - Standard Users' reference set.

Support rules

BB:UBA : Common Event Filters

Required configuration

Log source types

Amazon AWS CloudTrail (EventID: ConsoleLogin)