UBA : User Attempt to Use a Suspended Account

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : User Attempt to Use a Suspended Account

Enabled by default


Default senseValue



Detects when a user tries to access the organization resources by using suspended or blocked privileges.

Although not required, you can enable Search assets for username, when username is not available for event or flow data in Admin Settings > UBA Settings.

Log source types

Cisco Intrusion Prevention System (IPS), Extreme Dragon Network IPS, IBM Proventia Network Intrusion Prevention System (IPS), Microsoft ISA, Microsoft Windows Security Event Log (EventID: 4656,4661,4673)