疑わしいアクティビティー
「疑わしいアクティビティー」モデルは、上位カテゴリー「疑わしいアクティビティー」でのユーザーのアクティビティーを追跡し、毎時の学習行動モデルを作成します。
「疑わしいアクティビティー」機械学習モデルを有効化し、上位カテゴリー「疑わしいアクティビティー」の実際の量と予想される量 (学習済みの量) を「ユーザーの詳細」ページに表示します。 ユーザーの疑わしいアクティビティーが学習行動から逸脱している場合、疑わしい振る舞いとみなされ、センス・イベントが生成されて、ユーザーのリスク・スコアが上昇します。
イベント名
UBA : 疑わしいアクティビティーの異常な増大
sensevalue
5
必須の構成
システムが QRadar 上位カテゴリー「疑わしいアクティビティー」のイベントをモニターしている。
ログ・ソース・タイプ
Log source types: 3Com 8800 Series Switch, Akamai KONA, Application Security DbProtect, Arbor Networks Peakflow SP, Aruba Introspect, Aruba Mobility Controller, Avaya VPN Gateway, Barracuda Spam & Virus Firewall, Barracuda Web Application Firewall, Barracuda Web Filter, Bridgewater Systems AAA Service Controller, Brocade FabricOS, CRE System, Carbon Black, Carbon Black Protection, Check Point, Cilasoft QJRN/400, Cisco Adaptive Security Appliance (ASA), Cisco Aironet, Cisco CSA, Cisco CatOS for Catalyst Switches, Cisco Firewall Services Module (FWSM), Cisco IOS, Cisco Intrusion Prevention System (IPS), Cisco IronPort, Cisco Meraki, Cisco NAC Appliance, Cisco PIX Firewall, Cisco Stealthwatch, Cisco Umbrella, Cisco VPN 3000 Series Concentrator, Cisco Wireless LAN Controllers, Cisco Wireless Services Module (WiSM), CloudLock Cloud Security Fabric, CrowdStrike Falcon Host, Custom Rule Engine, CyberArk Privileged Threat Analytics, CyberGuard TSP Firewall/VPN, Damballa Failsafe, EMC VMWare, ESET Remote Administrator, Enterprise-IT-Security.com SF-Sherlock, Event CRE Injected, Exabeam, Extreme 800-Series Switch, Extreme Dragon Network IPS, Extreme HiGuard, Extreme HiPath, Extreme Matrix K/N/S Series Switch, Extreme Networks ExtremeWare Operating System (OS), Extreme XSR Security Routers, F5 Networks BIG-IP AFM, F5 Networks BIG-IP ASM, F5 Networks BIG-IP LTM, F5 Networks FirePass, Fair Warning, Fidelis XPS, FireEye, Flow Classification Engine, Forcepoint Sidewinder, ForeScout CounterACT, Fortinet FortiGate Security Gateway, FreeRADIUS, H3C Comware Platform, Huawei AR Series Router, Huawei S Series Switch, IBM AIX Server, IBM BigFix Detect, IBM Guardium, IBM Lotus Domino, IBM Proventia Network Intrusion Prevention System (IPS), IBM Resource Access Control Facility (RACF), IBM Security Network IPS (GX), IBM Security Trusteer Apex Advanced Malware Protection, IBM WebSphere Application Server, IBM i, IBM z/OS, ISC BIND, Imperva SecureSphere, Juniper Junos OS Platform, Juniper Junos WebApp Secure, Juniper Networks Firewall and VPN, Juniper Networks Intrusion Detection and Prevention (IDP), Juniper Networks Network and Security Manager, Juniper WirelessLAN, Kaspersky CyberTrace, Kaspersky Security Center, Kisco Information Systems SafeNet/i, Lastline Enterprise, LightCyber Magna, Linux DHCP Server, Linux OS, McAfee Application/Change Control, McAfee Network Security Platform, McAfee ePolicy Orchestrator, Microsoft DHCP Server, Microsoft DNS Debug, Microsoft Endpoint Protection, Microsoft Hyper-V, Microsoft Operations Manager, Microsoft Windows Security Event Log, Motorola SymbolAP, NCC Group DDos Secure, Netskope Active, Niksun 2005 v3.5, Nortel Contivity VPN Switch, Nortel Secure Router, Nortel VPN Gateway, OS Services Qidmap, OSSEC, ObserveIT, Onapsis Inc Onapsis Security Platform, Palo Alto Endpoint Security Manager, Palo Alto PA Series, PostFix MailTransferAgent, ProFTPD Server, Proofpoint Enterprise Protection/Enterprise Privacy, Pulse Secure Pulse Connect Secure, RSA Authentication Manager, Radware AppWall, Radware DefensePro, Riverbed SteelCentral NetProfiler, SAP Enterprise Threat Detection, SSH CryptoAuditor, STEALTHbits StealthINTERCEPT, SafeNet DataSecure/KeySecure, Samhain HIDS, Sentrigo Hedgehog, Skyhigh Networks Cloud Security Platform, Snort Open Source IDS, SolarWinds Orion, Solaris Operating System Authentication Messages, Solaris Operating System Sendmail Logs, SonicWALL SonicOS, Sophos Astaro Security Gateway, Sophos Enterprise Console, Sophos PureMessage, Squid Web Proxy, Starent Networks Home Agent (HA), Stonesoft Management Center, Symantec Endpoint Protection, Symantec System Center, ThreatGRID Malware Threat Intelligence Platform, TippingPoint Intrusion Prevention System (IPS), TippingPoint X Series Appliances, Top Layer IPS, Trend Micro Deep Discovery Email Inspector, Trend Micro Deep Discovery Inspector, Trend Micro Deep Security, Universal DSM, Vectra Networks Vectra, Verdasys Digital Guardian, WatchGuard Fireware OS, Zscaler Nss, genua genugate, iT-CUBE agileSI