UBA : Multiple VPN Accounts Failed Login From Single IP

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Multiple VPN Accounts Failed Login From Single IP

Enabled by default

False

Default senseValue

5

Description

Detects any VPN account login failures from the "UBA : Multiple VPN Accounts Failed Login From Single IP" reference set.

Support rules

  • UBA : Populate Multiple VPN Accounts Failed Login From Single IP
  • BB:UBA : VPN Login Failed

Required configuration

Enable the following rule: "UBA : Populate Multiple VPN Accounts Failed Login From Single IP"

Log source types

Cisco Adaptive Security Appliance (ASA)