UBA : Potentially Compromised Account

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Potentially Compromised Account

Enabled by default

False

Default senseValue

25

Description

Detects a scenario of suspicious activity followed by exfiltration within 24 hours.

Support rules

UBA : Initial Access Followed by Suspicious Activity

UBA : Suspicious Activity Followed by Exfiltration

Required configuration

See the support rules

Log source types

See the support rules