Analytics Story: Data Protection
Description
Fortify your data-protection arsenal--while continuing to ensure data confidentiality and integrity--with searches that monitor for and help you investigate possible signs of data exfiltration.
Why it matters
Attackers can leverage a variety of resources to compromise or exfiltrate enterprise data. Common exfiltration techniques include remote-access channels via low-risk, high-payoff active-collections operations and close-access operations using insiders and removable media. While this Analytic Story is not a comprehensive listing of all the methods by which attackers can exfiltrate data, it provides a useful starting point.
Detections
Data Sources
Name | Platform | Sourcetype | Source |
---|---|---|---|
Sysmon EventID 22 | Windows | xmlwineventlog |
XmlWinEventLog:Microsoft-Windows-Sysmon/Operational |
References
- https://www.cisecurity.org/controls/data-protection/
- https://www.sans.org/reading-room/whitepapers/dns/splunk-detect-dns-tunneling-37022
- https://umbrella.cisco.com/blog/2013/04/15/on-the-trail-of-malicious-dynamic-dns-domains/
Source: GitHub | Version: 1