Forcepoint Security Service Edge multiple DLP events detected for a particular file

This rule is part of a beta feature. To learn more, contact Support.

Set up the forcepoint-security-service-edge integration.


Goal

Identify files containing sensitive data by detecting specific Data Loss Prevention (DLP) patterns to ensure security and compliance.

Strategy

Detects files that match DLP patterns so that they can be reviewed immediately and the necessary actions taken to protect the system.
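The grouping behind a "multiple DLP events for one file" detection can be sketched as follows. This is an added example, not the rule's actual query or the integration's log schema: the field names mirror the template variables on this page (`usr.name`, `folder`, `patterns`, `filelink`), while the `timestamp` field, the threshold of two events, the one-hour window, and all sample values are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Field names mirror this page's template variables; "timestamp" and the
# record shape are assumptions, not the integration's documented schema.
def _ev(ts, owner, folder, link, patterns):
    return {"timestamp": ts, "usr": {"name": owner}, "folder": folder,
            "filelink": link, "patterns": patterns}

# Constructed sample events, not real logs.
SAMPLE_EVENTS = [
    _ev("2024-05-01T10:00:00", "alice@example.com", "/Finance/Q2", "https://drive.example.com/f/1", ["Credit Card Number"]),
    _ev("2024-05-01T10:20:00", "alice@example.com", "/Finance/Q2", "https://drive.example.com/f/1", ["Credit Card Number", "US Social Security Number"]),
    _ev("2024-05-01T10:30:00", "bob@example.com", "/HR", "https://drive.example.com/f/2", ["US Social Security Number"]),
    _ev("2024-05-01T10:45:00", "alice@example.com", "/Finance/Q2", "https://drive.example.com/f/1", ["US Social Security Number"]),
    _ev("2024-05-01T09:00:00", "carol@example.com", "/Legal", "https://drive.example.com/f/3", ["Credit Card Number"]),
    _ev("2024-05-01T12:30:00", "carol@example.com", "/Legal", "https://drive.example.com/f/3", ["Credit Card Number"]),
]

THRESHOLD = 2                # assumed: "multiple" means at least two events
WINDOW = timedelta(hours=1)  # assumed evaluation window

def find_repeat_dlp_files(events, threshold=THRESHOLD, window=WINDOW):
    """Return a triage summary for each file with >= threshold DLP events inside one window."""
    by_file = defaultdict(list)
    for ev in events:
        if ev.get("patterns"):  # keep only events that matched a DLP pattern
            by_file[ev["filelink"]].append((datetime.fromisoformat(ev["timestamp"]), ev))
    signals = []
    for link, hits in by_file.items():
        hits.sort(key=lambda h: h[0])
        best, start = (0, 0, 0), 0  # best = (count, first index, last index)
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            if end - start + 1 > best[0]:
                best = (end - start + 1, start, end)
        if best[0] >= threshold:
            evs = [ev for _, ev in hits[best[1]:best[2] + 1]]
            signals.append({"filelink": link, "owner": evs[-1]["usr"]["name"],
                            "folder": evs[-1]["folder"], "event_count": best[0],
                            "patterns": sorted({p for e in evs for p in e["patterns"]})})
    return signals

if __name__ == "__main__":
    for s in find_repeat_dlp_files(SAMPLE_EVENTS):
        print(s)
```

Each returned summary carries the owner, folder, patterns, and file link that the triage steps refer to.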

Triage and Response

  1. Check the owner of the file ({{@usr.name}}) and the file's folder location ({{@folder}}).
  2. Review the detected DLP patterns ({{@patterns}}) and take appropriate actions to secure the system. If uncertain, escalate the issue to the administrator.
  3. Review the file directly using the provided drive link: {{@filelink}}.
  4. Inform the file owner about the detected patterns and discuss any immediate concerns. Notify the administrator or security team if further analysis or action is required, or update DLP detection rules or configurations if necessary to improve future accuracy.