UBA : Detect Insecure Or Non-Standard Protocol
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Detect Insecure Or Non-Standard Protocol
Enabled by default
False
Default senseValue
5
Description
Detects any user who is communicating over unauthorized protocols, that is, protocols regarded as insecure or non-standard. Authorized protocols are listed in the UBA : Ports of Authorized Protocols reference set, which has a default value of 0, the port of QRadar events. Before you enable this rule, edit the UBA : Ports of Authorized Protocols reference set to reflect the ports that are authorized in your environment.
Support rules
- BB:UBA : Common Event Filters
- BB:UBA : Insecure Ports
Required configuration
Add the appropriate values to the following reference set: UBA : Ports Of Authorized Protocols.
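One way to script this configuration step is shown here as an added example; it is not part of the IBM documentation. It assumes the QRadar REST API `reference_data/sets/bulk_load` endpoint and an authorized service token sent in the `SEC` header. The console host, token, and port list are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request

# Reference set name as written in the "Required configuration" section.
REFERENCE_SET = "UBA : Ports Of Authorized Protocols"


def validate_ports(ports):
    """Return a sorted, de-duplicated list of valid port numbers (0-65535)."""
    cleaned = set()
    for port in ports:
        if isinstance(port, bool) or not isinstance(port, int):
            raise ValueError(f"port must be an integer: {port!r}")
        if not 0 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        cleaned.add(port)
    return sorted(cleaned)


def build_bulk_load_request(console, token, ports):
    """Build (without sending) the POST that loads ports into the reference set."""
    # The set name contains spaces and a colon, so it must be percent-encoded
    # before it is placed in the URL path.
    name = urllib.parse.quote(REFERENCE_SET, safe="")
    url = f"https://{console}/api/reference_data/sets/bulk_load/{name}"
    # Assumption: values are sent as JSON strings and parsed by QRadar
    # according to the reference set's element type.
    body = json.dumps([str(p) for p in validate_ports(ports)]).encode()
    headers = {
        "SEC": token,  # authorized service token
        "Content-Type": "application/json",
        "Accept": "application/json",
    }
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    # Constructed sample values: hypothetical console host, placeholder token,
    # and an example port list (0 is the default entry described on this page).
    req = build_bulk_load_request(
        "qradar.example.com", "PLACEHOLDER-TOKEN", [0, 22, 443, 443]
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # Send with urllib.request.urlopen(req) once the values are real.
```

Review the resulting reference set contents in QRadar before enabling the rule, because any port left out of the set is treated as unauthorized.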
Log source types
All supported log sources.