UBA : Honeytoken Activity

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Honeytoken Activity

Enabled by default

False

Default senseValue

10

Description

Detects activity using a Honeytoken account.

Support rules

BB:UBA : Common Event Filters

Required configuration

Add the appropriate values to the following reference sets: UBA : Honeytoken Accounts

Add the appropriate log sources to the following log source groups: UBA : Systems with Honeytoken Accounts.

Log source types

All log sources added to the UBA : Systems with Honeytoken Accounts log source group.