UBA : Suspicious Activity Followed by Exfiltration

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : Suspicious Activity Followed by Exfiltration

Enabled by default

False

Default senseValue

15

Description

Detects scenario of suspicious activity followed by exfiltration within 24 hours.

Support rules

Required configuration

See supported rules

Log source types

See supported rules