UBA : User Added to a Group on SharePoint or OneDrive by Site Admin
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : User Added to a Group on SharePoint or OneDrive by Site Admin
Enabled by default
False
Default senseValue
10
Description
Detects a user being added to a group in Sharepoint or OneDrive by a System Admin.
Support rule
BB:UBA : Common Event Filters
Log source types
Microsoft Office 365 (EventID: Add member to group-success)