UBA : User Added to a Group on SharePoint or OneDrive by Site Admin

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : User Added to a Group on SharePoint or OneDrive by Site Admin

Enabled by default

False

Default senseValue

10

Description

Detects a user being added to a group in Sharepoint or OneDrive by a System Admin.

Support rule

BB:UBA : Common Event Filters

Log source types

Microsoft Office 365 (EventID: Add member to group-success)