UBA : User Attempt to Use a Suspended Account
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : User Attempt to Use a Suspended Account
Enabled by default
False
Default senseValue
10
Description
Detects when a user tries to access the organization resources by using suspended or blocked privileges.
Although not required, you can enable Search assets for username, when username is not available for event or flow data in .
Log source types
Cisco Intrusion Prevention System (IPS), Extreme Dragon Network IPS, IBM Proventia Network Intrusion Prevention System (IPS), Microsoft ISA, Microsoft Windows Security Event Log (EventID: 4656,4661,4673)