UBA : Mailbox Permission Added and Deleted in a Short Period of Time
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Mailbox Permission Added and Deleted in a Short Period of Time
Enabled by default
False
Default senseValue
10
Description
Detects mailbox permissions that are added and deleted within an hour.
Support rules
- BB:UBA : Common Event Filters
- BB:UBA : Remove Mailbox Permission Succeeded
- BB:UBA : Add Mailbox Permission Succeeded
Log source types
Microsoft Office 365 (EventID: Add-MailboxPermission-true & Remove-MailboxPermission-true)