IBM QRadar

  • 1.  Custom property for UBA rule

    Posted Fri April 19, 2019 02:08 AM

    Hello community

    I'm customizing detection rules for UBA and I have encountered the following issue: one of our log sources provides the username in a non-standard property, and I have created a custom property to extract it. I can see that UBA automatically uses the property username from the event to add the sensevalue defined in the rule to a user. How can I use a custom property in a UBA custom rule instead of the standard property username?

    Thanks



    ------------------------------
    A CG
    ------------------------------


  • 2.  RE: Custom property for UBA rule

    Posted Mon April 22, 2019 05:38 AM
    Has somebody found a similar situation with UBA custom rules? I can't find any docs about customizing UBA rules in this way, only about basic customization. I would need to know at least if it's possible to customize a rule as I have explained.

    Thanks in advance

    ------------------------------
    A CG
    ------------------------------



  • 3.  RE: Custom property for UBA rule

    Posted Tue December 10, 2019 09:51 AM
    Hello,

    I am searching for a way to achieve the same thing right now.

    Did you find out how to do it?

    Regards,
    George

    ------------------------------
    George Spyropoulos
    ------------------------------