UBA : Dormant Account Used

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Dormant Account Used

Enabled by default

True

Default senseValue

10

Description

Detects a successful login from an account that has been determined to be dormant.

For details on how accounts are determined to be dormant, see Dormant accounts.

Support rules

  • BB:UBA : Common Event Filters
  • BB:CategoryDefinition: Authentication Failures

Log source types

Any supported log source that provides a username in the event.
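
The following sketch is an added example, not QRadar or UBA code. It shows the kind of logic the rule description implies, run over constructed authentication events. The 14-day dormancy threshold, the event tuple layout, the function name and the choice to count only successful logins as activity are assumptions; this page defers the actual dormancy criteria to the Dormant accounts topic.

```python
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=14)  # assumed threshold; not stated on this page
SENSE_VALUE = 10                    # default senseValue listed on this page

# Constructed sample events: (ISO timestamp, username, outcome)
SAMPLE_EVENTS = [
    ("2024-01-02T08:00:00", "alice", "success"),
    ("2024-01-03T09:15:00", "svc_backup", "success"),
    ("2024-01-10T08:05:00", "alice", "success"),       # 8-day gap: still active
    ("2024-03-01T02:30:00", "svc_backup", "failure"),  # failure: no alert, not activity
    ("2024-03-01T02:31:00", "svc_backup", "success"),  # dormant account used
    ("2024-03-01T02:40:00", None, "success"),          # no username: cannot be evaluated
    ("2024-03-02T10:00:00", "svc_backup", "success"),  # account is active again
]


def detect_dormant_use(events, dormant_after=DORMANT_AFTER):
    """Return (alerts, risk) for successful logins on dormant accounts."""
    last_success = {}  # username -> datetime of the last successful login
    alerts, risk = [], {}
    for ts, user, outcome in sorted(events, key=lambda e: e[0]):
        # The rule needs a username. Failed logins neither alert nor reset
        # the idle clock, so a failed attempt just before a success does
        # not hide the dormancy (assumption of this sketch).
        if not user or outcome != "success":
            continue
        when = datetime.fromisoformat(ts)
        previous = last_success.get(user)
        # Accounts with no login history are not treated as dormant here.
        if previous is not None and when - previous > dormant_after:
            alerts.append({"user": user, "time": ts,
                           "idle_days": (when - previous).days})
            # This sketch uses the senseValue as the per-user score increment.
            risk[user] = risk.get(user, 0) + SENSE_VALUE
        last_success[user] = when
    return alerts, risk


if __name__ == "__main__":
    found, scores = detect_dormant_use(SAMPLE_EVENTS)
    for alert in found:
        print("UBA : Dormant Account Used", alert)
    print("risk scores:", scores)
```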