UBA : Dormant Account Used
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Dormant Account Used
Enabled by default
True
Default senseValue
10
Description
Detects the successful log in from an account that has been determined to be dormant.
For details on how accounts are determined to be dormant, see Dormant accounts.
Support rule
- BB:UBA : Common Event Filters
- BB:CategoryDefinition: Authentication Failures
Log source types
Any supported log source that provides a username in the event.