Data Exfiltration
Description
The stealing of data by an adversary.
- Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
- Datamodel: Endpoint, Endpoint_Processes, Network_Resolution, Network_Traffic
- Last Updated: 2020-10-21
- Author: Shannon Davis, Splunk
- ID: 66b0fe0c-1351-11eb-adc1-0242ac120002
Narrative
Exfiltration comes in many flavors. Adversaries can collect data over encrypted or unencrypted channels. They can reuse Command and Control channels that are already in place to exfiltrate data. They can use standard data transfer protocols such as FTP and SCP to exfiltrate data, or non-standard protocols such as DNS and ICMP, carrying the data in specially crafted fields, to try to circumvent the security technologies in place.
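As an added example that is not part of this story or of Splunk's own detection content, the following Python heuristic runs over constructed DNS resolution records whose field names (src, query) are assumed to mirror the Network_Resolution data model, and flags sources that send many distinct long, high-entropy subdomains to a single domain:

```python
import math
from collections import defaultdict

# Constructed sample DNS resolution records (not real telemetry). The field
# names src and query are assumed to mirror the Network_Resolution data model.
SAMPLE_RECORDS = [
    {"src": "10.0.0.5", "query": "www.example.com"},
    {"src": "10.0.0.5", "query": "a-very-long-but-readable-hostname.example.com"},
    {"src": "10.0.0.7", "query": "0123456789abcdeffedcba9876543210.corp-cdn.net"},
    {"src": "10.0.0.7", "query": "a1b2c3d4e5f60718293a4b5c6d7e8f90.corp-cdn.net"},
    {"src": "10.0.0.7", "query": "f0e1d2c3b4a5968778695a4b3c2d1e0f.corp-cdn.net"},
    {"src": "10.0.0.7", "query": "00112233445566778899aabbccddeeff.corp-cdn.net"},
]

def shannon_entropy(s: str) -> float:
    """Bits per character; encoded blobs score high, but so do long readable names."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_query(query: str):
    """Split a query into (subdomain labels, registered domain). Assumes a
    single-label public suffix; a real deployment would use a public suffix list."""
    labels = query.rstrip(".").split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def flag_dns_exfil(records, min_len=30, min_entropy=3.5, min_unique=3):
    """Return {(src, domain): count} for sources that sent many distinct long,
    high-entropy subdomains to one domain. Length and entropy only pre-filter;
    the decision rests on the number of unique labels, since one odd hostname
    is normal while many never-repeating ones are how encoded data rides out."""
    seen = defaultdict(set)
    for rec in records:
        sub, domain = split_query(rec["query"])
        if len(sub) >= min_len and shannon_entropy(sub) >= min_entropy:
            seen[(rec["src"], domain)].add(sub)
    return {key: len(subs) for key, subs in seen.items() if len(subs) >= min_unique}

if __name__ == "__main__":
    print(flag_dns_exfil(SAMPLE_RECORDS))  # {('10.0.0.7', 'corp-cdn.net'): 4}
```

In Splunk the same logic would be expressed in SPL over the Network_Resolution data model rather than in Python; the thresholds here are illustrative and need tuning to the environment's normal query lengths and volumes.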
Detections
Reference
source | version: 1