Fortify your data-protection arsenal–while continuing to ensure data confidentiality and integrity–with searches that monitor for and help you investigate possible signs of data exfiltration.
- Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
- Datamodel: Change_Analysis, Network_Resolution
- Last Updated: 2017-09-14
- Author: Bhavin Patel, Splunk
- ID: 91c676cf-0b23-438d-abee-f6335e1fce33
Attackers can leverage a variety of resources to compromise or exfiltrate enterprise data. Common exfiltration techniques include remote-access channels via low-risk, high-payoff active-collections operations and close-access operations using insiders and removable media. While this Analytic Story is not a comprehensive listing of all the methods by which attackers can exfiltrate data, it provides a useful starting point.
|Detect USB device insertion||None||TTP|
|Detection of DNS Tunnels||Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol||TTP|
|Detect hosts connecting to dynamic domain providers||Drive-by Compromise||TTP|
source | version: 1