UBA : Large Outbound Transfer by High Risk User

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

Enabled by default

False

Detects an outbound transfer of 200,000 bytes or more by a high risk user.

BB:UBA : Common Event Filters

Log sources that have the CEP Bytes Sent defined.