UBA : Data Exfiltration by Print

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Data Exfiltration by Print

Enabled by default

False

Default senseValue

5

Description

Detects users that are sending files to print or that are using screen capture tools such as Print Screen and Snipping Tool.

Support rules

  • BB:UBA : Common Event Filters
  • BB:UBA : File Transfer to Print

Log source types

Universal DSM (EventID: File Print)

Verdasys Digital Guardian (EventID: Print, ADE Print Screen)