Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Sources
Targets
Subject
Content
Insider threats
You can integrate QRadar Network Insights with the User Behavior Analytics app to improve threat
detection. Use the QRadar Network Insights analytics to recognize:
High-risk users
Potential targets of phishing
Negative sentiment
Suspicious behaviors
Lateral movement attack detection
QRadar Network Insights can trace anomalous communications:
Reconnaissance
Data transfers
Rogue and malicious actors
Data exfiltration protection
Data can be exfiltrated through many methods. Use QRadar Network Insights to identify and track
suspicious files such as:
DNS abnormalities
Sensitive content
Aberrant connections
Aliases
Identify compliance gaps
QRadar Network Insights allows for continuous monitoring of enterprise, industry, and regulatory
compliance.
UBA : Bruteforce Authentication Attempts
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : Executive Only Asset Accessed by Non-Executive User
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : High Risk User Access to Critical Asset
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : Multiple VPN Accounts Failed Login From Single IP
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : Multiple VPN Accounts Logged In From Single IP
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : Repeat Unauthorized Access
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : Terminated User Activity
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : Unauthorized Access
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : Unix/Linux System Accessed With Service or Machine Account
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : User Access - Failed Access to Critical Assets
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : User Access - First Access to Critical Assets
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : User Access from Multiple Hosts
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : User Access to Internal Server From Jump Server
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : User Access Login Anomaly
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : User Accessing Account from Anonymous Source
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : User Time, Access at Unusual Times
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : VPN Access By Service or Machine Account
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : VPN Certificate Sharing
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.
UBA : Windows Access with Service or Machine Account
The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies.