UEBA : Anonymous User Accessed a Resource

The QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.

UEBA : Anonymous User Accessed a Resource

Enabled by default

False

Default senseValue

15

Default senseValueSource

10

Default senseValueDestination

10

Description

Detects an anonymous user accessing a resource.

Support rules

BB:UBA : Common Event Filters

Log source types

Microsoft Office 365 (EventID: AnonymousLinkUsed)