---
title: >-
  Forcepoint Security Service Edge multiple DLP events detected for a particular
  file
description: Datadog, the leading service for cloud-scale monitoring.
---

# Forcepoint Security Service Edge multiple DLP events detected for a particular file

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}

Classification: attack

Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010)

Technique: [T1567-exfiltration-over-web-service](https://attack.mitre.org/techniques/T1567)

## Goal{% #goal %}

Identify files containing sensitive data by detecting specific Data Loss Prevention (DLP) patterns to ensure security and compliance.

## Strategy{% #strategy %}

This rule detects files that match DLP patterns so that they can be reviewed immediately and the necessary actions taken to protect the system.

## Triage and Response{% #triage-and-response %}

1. Check the owner of the file (`{{@usr.name}}`) and the file's folder location (`{{@folder}}`).
1. Review the detected DLP patterns (`{{@patterns}}`) and take appropriate actions to secure the system. If uncertain, escalate the issue to the administrator.
1. Review the file directly using the provided drive link: `{{@filelink}}`.
1. Inform the file owner about the detected patterns and discuss any immediate concerns. Notify the administrator or security team if further analysis or action is required, or update the DLP detection rules or configurations if necessary to improve future accuracy.
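
The grouping that the rule's title and strategy describe, together with the fields the triage steps rely on, can be reproduced offline as follows. This is an added example, not Datadog's rule query or Forcepoint's log schema: the event layout, the `ts` field, the threshold of 3 and the 30-minute window are assumptions, and only the attribute names `usr.name`, `folder`, `patterns` and `filelink` come from this page.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _ev(ts, user, folder, patterns, link):
    # Field names mirror the rule's template variables; "ts" is an assumed timestamp field.
    return {"ts": datetime.fromisoformat(ts), "usr": {"name": user}, "folder": folder,
            "patterns": patterns, "filelink": link}

# Constructed sample events (not real Forcepoint output).
EVENTS = [
    _ev("2024-05-01T09:00:00", "alice@example.com", "/Finance", ["Credit Card"], "https://drive.example.com/f/1"),
    _ev("2024-05-01T09:05:00", "alice@example.com", "/Finance", ["SSN"], "https://drive.example.com/f/1"),
    _ev("2024-05-01T09:10:00", "bob@example.com", "/HR", ["SSN"], "https://drive.example.com/f/2"),
    _ev("2024-05-01T09:20:00", "alice@example.com", "/Finance", ["Credit Card", "IBAN"], "https://drive.example.com/f/1"),
    _ev("2024-05-01T13:00:00", "bob@example.com", "/HR", ["SSN"], "https://drive.example.com/f/2"),
]

def files_with_repeated_dlp_events(events, threshold=3, window=timedelta(minutes=30)):
    """Return a triage record for each file with >= threshold events inside one window."""
    by_file = defaultdict(list)
    for ev in events:
        by_file[ev["filelink"]].append(ev)

    findings = []
    for link, evs in by_file.items():
        evs.sort(key=lambda e: e["ts"])
        start, best = 0, (0, 0, 0)  # best = (count, first index, last index)
        for end in range(len(evs)):
            # Shrink from the left until the span fits inside the window.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 > best[0]:
                best = (end - start + 1, start, end)
        if best[0] >= threshold:
            burst = evs[best[1]:best[2] + 1]
            findings.append({
                "filelink": link,
                "event_count": best[0],
                "owners": sorted({e["usr"]["name"] for e in burst}),
                "folders": sorted({e["folder"] for e in burst}),
                "patterns": sorted({p for e in burst for p in e["patterns"]}),
            })
    return sorted(findings, key=lambda f: f["event_count"], reverse=True)

if __name__ == "__main__":
    for finding in files_with_repeated_dlp_events(EVENTS):
        print(finding)
```

Each record collects the owner, folder, patterns and link for one file, so the triage steps above can be worked through per file rather than per event.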
