UBA : Potential Access to Blocklist Domain

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Potential Access to Blocklist Domain

Enabled by default

False

Default senseValue

5

Description

Detects events that indicate the user potentially accessed a blocklist domain. Requires the IBM QRadar DNS Analyzer app.

Required configuration

Before enabling this rule, you must install the IBM QRadar DNS Analyzer app. For more information, see IBM QRadar DNS Analyzer.

Support rule

BB:UBA : DNS Common Filter

Log source types

IBM QRadar DNS Analyzer