UBA : User Accessing Risky IP Malware
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : User Accessing Risky IP Malware (previously called X-Force® Risky IP, Malware)
Enabled by default
False
Description
This rule detects when a local user or host is connecting to a malware host.
Support rules
- X-Force Risky IP Malware
- BB:UBA : Common Event Filters
Required configuration
- Set "Enable X-Force Threat Intelligence Feed" to Yes in .
- Enable the following rule: X-Force Risky IP Malware.
Log source types
All supported log sources.