UEBA : Inbox Set to Forward to External Inbox
The QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.
UEBA : Inbox Set to Forward to External Inbox
Enabled by default
False
Default senseValue
15
Default senseValueSource
10
Description
Detects if a mailbox is set to forward to a domain that is not listed in the "UBA : Trusted Domains" reference set.
Support rules
BB:UBA : Common Event Filters
Required configuration
Add the appropriate values to the following reference sets: "UBA : Trusted Domains".
Log source types
Microsoft Office 365 (EventID: Set-Mailbox-true)
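The check this rule describes, sketched in Python as an added example (not QRadar's rule logic or IBM code). It assumes Office 365 audit records with Operation, ResultStatus, ObjectId, UserId and a Parameters list of Name/Value pairs, reads the "-true" in the event ID as a successful result status, and uses a constructed set in place of the "UBA : Trusted Domains" reference set.

```python
# Constructed stand-in for the "UBA : Trusted Domains" reference set.
TRUSTED_DOMAINS = {"example.com", "corp.example.com"}

# Set-Mailbox parameters that can carry a forwarding target (assumed names).
FORWARD_PARAMS = {"ForwardingSmtpAddress", "ForwardingAddress"}

def forwarding_domain(value):
    """Return the lowercased domain of a forwarding target, or None when the
    value is empty (forwarding cleared) or is not an SMTP address."""
    addr = (value or "").strip()
    if addr.lower().startswith("smtp:"):
        addr = addr[5:]
    if "@" not in addr:
        return None  # e.g. an internal recipient identity; not resolved here
    return addr.rsplit("@", 1)[1].lower().rstrip(".") or None

def external_forwards(records, trusted=TRUSTED_DOMAINS):
    """Return (mailbox, actor, domain) for each successful Set-Mailbox change
    that forwards to a domain outside the trusted set (exact match only)."""
    trusted = {d.lower() for d in trusted}
    hits = []
    for rec in records:
        if rec.get("Operation") != "Set-Mailbox":
            continue
        if str(rec.get("ResultStatus", "")).lower() != "true":
            continue  # failed attempts do not change the mailbox
        for param in rec.get("Parameters", []):
            if param.get("Name") not in FORWARD_PARAMS:
                continue
            domain = forwarding_domain(param.get("Value"))
            if domain and domain not in trusted:
                hits.append((rec.get("ObjectId"), rec.get("UserId"), domain))
    return hits

def _rec(mailbox, status, value):
    # Helper that builds a constructed sample audit record.
    return {"Operation": "Set-Mailbox", "ResultStatus": status,
            "UserId": "admin@example.com", "ObjectId": mailbox,
            "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": value},
                           {"Name": "DeliverToMailboxAndForward", "Value": "True"}]}

SAMPLE = [
    _rec("alice", "True", "smtp:drop@mail.example.net"),   # external: flagged
    _rec("bob", "True", "SMTP:Archive@EXAMPLE.COM"),       # trusted: ignored
    _rec("carol", "True", ""),                             # forwarding cleared
    _rec("dave", "False", "smtp:x@mail.example.net"),      # failed change
]
```

Because the comparison is an exact domain match, a subdomain such as mail.example.com is flagged unless it is listed in the trusted set itself.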