UBA : User Potentially Phished

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : User Potentially Phished

Enabled by default


Default senseValue



Detects 3 or more instances of potential phishing attacks on a single user within an hour. Note: Edit the supported building block to monitor any rules that are appropriate for the environment.

Support rules

Required configuration

See supported rules

Log source types

See supported rules