UBA : Multiple VPN Accounts Failed Login From Single IP
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Multiple VPN Accounts Failed Login From Single IP
Enabled by default
False
Default senseValue
5
Description
Detects any VPN account login failures from the "UBA : Multiple VPN Accounts Failed Login From Single IP" reference set.
Support rules
- UBA : Populate Multiple VPN Accounts Failed Login From Single IP
- BB:UBA : VPN Login Failed
Required configuration
Enable the following rule: "UBA : Populate Multiple VPN Accounts Failed Login From Single IP"
Log source types
Cisco Adaptive Security Appliance (ASA)