UBA : User Accessing Risky IP Botnet
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : User Accessing Risky IP Botnet (previously called X-Force® Risky IP, Botnet)
Enabled by default
This rule detects when a local user or host is connecting to a botnet command and control server.
- X-Force Risky IP, Botnet
- BB:UBA : Common Event Filters
- Set "Enable X-Force Threat Intelligence Feed" to Yes in .
- Enable the following rule: X-Force Risky IP Botnet.
Log source types
All supported log sources.