UBA : Data Exfiltration by Print
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Data Exfiltration by Print
Enabled by default
False
Default senseValue
5
Description
Detects users that are sending files to print or that are using screen capture tools such as Print Screen and Snipping Tool.
Support rules
- BB:UBA : Common Event Filters
- BB:UBA : File Transfer to Print
Log source types
Universal DSM (EventID: File Print)
Verdasys Digital Guardian (EventID: Print, ADE Print Screen)