UBA : Detect IOCs For Locky

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Detect IOCs For Locky

Enabled by default

False

Default senseValue

10

Description

Detects user computers that show Indicators of Compromise (IOCs) for Locky by using URLs or IPs that are populated from X-Force campaign feeds.

Support rules

  • BB:UBA : Common Log Source Filters
  • BB:UBA : Detect Locky Using IP
  • BB:UBA : Detect Locky Using URL

Required configuration

  • Add the appropriate values to the following reference sets: UBA : IOCs-Locky IP and UBA : IOCs-Locky URL.
  • Enable "Search assets for username, when username is not available for event or flow data" in Admin Settings > UBA Settings.
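
One way to prepare values for the two reference sets named above, as an added example that is not part of the IBM documentation: it sorts a raw indicator list into IP and URL values and builds QRadar REST API bulk-load requests without sending them. The console hostname, token and sample indicators are constructed placeholders, and storing the full URL string is an assumption about how your log sources report URLs.

```python
import ipaddress
import json
import urllib.request
from urllib.parse import quote, urlsplit

# Reference set names taken from the "Required configuration" list above.
IP_SET = "UBA : IOCs-Locky IP"
URL_SET = "UBA : IOCs-Locky URL"

def classify(value):
    """Return ("ip", normalized), ("url", value) or ("rejected", value)."""
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        pass
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed bracketed host
        return "rejected", value
    if parts.scheme in ("http", "https") and parts.hostname:
        return "url", value
    return "rejected", value

def split_iocs(lines):
    """De-duplicate indicator lines and group them by target reference set."""
    out = {"ip": [], "url": [], "rejected": []}
    for raw in lines:
        value = raw.strip()
        if not value or value.startswith("#"):
            continue  # skip blank lines and comments
        kind, norm = classify(value)
        if norm not in out[kind]:
            out[kind].append(norm)
    return out

def bulk_load_request(console, token, set_name, values):
    """Build (but do not send) a bulk-load request for one reference set."""
    # The set name contains spaces and a colon, so it must be percent-encoded.
    url = f"https://{console}/api/reference_data/sets/bulk_load/{quote(set_name, safe='')}"
    headers = {"SEC": token, "Content-Type": "application/json"}
    return urllib.request.Request(
        url, data=json.dumps(values).encode(), method="POST", headers=headers)

# Constructed sample input: documentation-range addresses and example.com only.
SAMPLE = ["# constructed feed", "192.0.2.10", "192.0.2.10", "2001:db8::1",
          "http://example.com/a.php", "not an indicator", ""]

if __name__ == "__main__":
    print(split_iocs(SAMPLE))
```

Review the `rejected` list before loading anything: entries that are neither a valid IP address nor an http(s) URL would otherwise sit in a reference set without ever matching.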

Log source types

All supported log sources.