UBA : New Account Use Detected
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : New Account Use Detected
Enabled by default
True
Default senseValue
5
Description
Provides reporting functions that indicate when an account is successfully used for the first time. Accounts are tracked and monitored by the UBA app.
Note: Prior to UBA V3.5.0, this rule monitored every event coming into QRadar and added any new user account seen on an event to UBA. It populated a reference set that stored all of the user accounts and compared every event to this reference set. Starting in V3.5.0, this rule triggers when the app sends in an event indicating that the account is new. All accounts are stored in the UBA database instead of a reference table. For more information on how new accounts are detected, see New accounts.
Log source types
IBM Sense (EventID: new account use detected)