qradar.uba.risk.score

qradar.uba.risk.score

The qradar.uba.risk.score attribute indicates the risk score of a user, which is returned by the QRadar User Behavior Analytics (UBA) app.
A value of 0 indicates the user is not indulging in risky/malicious activities according to the QRadar UBA app. A non-zero value indicates the user has been indulging in risky/malicious activities.
The risky behavior threshold is set in the QRadar UBA app. If the value of the qradar.uba.risk.score attribute is consistently being set to ‘0’, this threshold value in the QRadar UBA app may require an adjustment.

Category Type Data type Source type Source

Source Policy, Risk Integer Derived QRadar UBA PIP

Parent topic: Predefined attributes