HTTP Data Transfer Activity
The HTTP Data Transfer Activity model tracks a user's HTTP data transfer events in time and creates a model for the predicted weekly score.
Enable the HTTP Data Transfer Activity model to track a user's HTTP data transfer events in time and create a model for the predicted weekly score. If the user's score deviates from the learned one, it is deemed suspicious behavior and a Sense Event is generated to increase the user's risk score.
Event name
UBA : Large HTTP transfers
sensevalue
5
Required configuration
You must define the following properties:
- Bytes Sent
- URL
Log source types
Log sources that contain events with both properties defined and that use destination port 80 or 443.