UBA : User Accessing Risky IP Dynamic

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : User Accessing Risky IP Dynamic (previously called X-Force® Risky IP, Dynamic)

Enabled by default

False

Description

This rule detects when a local user or host is connecting to a dynamically assigned IP address.

Support rules

  • X-Force Risky IP, Dynamic
  • BB:UBA : Common Event Filters

Required configuration

  • Set "Enable X-Force Threat Intelligence Feed" to Yes in Admin Settings > System Settings.
  • Enable the following rule: X-Force Risky IP Dynamic.

Log source types

All supported log sources.