UBA : Honeytoken Activity
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Honeytoken Activity
Enabled by default
False
Default senseValue
10
Description
Detects activity using a Honeytoken account.
Support rules
BB:UBA : Common Event Filters
Required configuration
Add the appropriate values to the following reference sets: UBA : Honeytoken Accounts
Add the appropriate log sources to the following log source groups: UBA : Systems with Honeytoken Accounts.
Log source types
All log sources added to the UBA : Systems with Honeytoken Accounts log source group.