UBA : Large number of denied access events towards external domain

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

Enabled by default

False

Default senseValue

15

Description

Detects when there is an abnormal number of denied access events towards any external domain.

Support rules

BB:UBA : Common Log Source Filters

Required configuration

In Admin Settings > UBA Settings, enable the "Search assets for username, when username is not available for event or flow data" option.

Log source types

Access.Access Denied, Access.ACL Deny, Access.Firewall Deny, Access.IPS Deny