UBA : User Potentially Phished
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : User Potentially Phished
Enabled by default
False
Default senseValue
10
Description
Detects 3 or more instances of potential phishing attacks on a single user within an hour. Note: Edit the supported building block to monitor any rules that are appropriate for the environment.
Support rules
BB:UBA : Compromised Account - Initial Access
Required configuration
See supported rules
Log source types
See supported rules