UBA: User Accessing Risky URL

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA: User Accessing Risky URL (previously called X-Force Risky URL)

Enabled by default



This rule detects when a local user is accessing questionable online content.

Support rules

  • X-Force Risky URL
  • BB:UBA : Common Event Filters

Required configuration

  • Set Enable X-Force Threat Intelligence Feed to Yes in Admin Settings > System Settings.
  • Enable the following rule: X-Force Risky URL.

Log source types

Juniper SRX Series Services Gateway, Microsoft ISA, Pulse Secure Pulse Connect Secure