UBA : Data Exfiltration by Cloud Services
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : Data Exfiltration by Cloud Services
Enabled by default
False
Default senseValue
5
Description
Detects users that are uploading files to personal cloud services.
Support rules
- BB:UBA : Common Event Filters
- BB:UBA : File Transfer to Cloud services
Log source types
Aruba Introspect (EventID: Cloud Exfiltration)
Fortinet FortiGate Security Gateway (EventID: 16064, 35599, 35977, 35984, 36076, 36115, 36300, 36343, 36350, 36353, 36413, 38668, 38902, 38994, 39287, 39297, 39356, 39474, 39806)