
Twilio bulk export from unusual location

Goal

Detect a BulkExport operation performed from an unusual location.

Strategy

This rule monitors for BulkExport API calls from an unusual location. This may indicate that an attacker has gained access to sensitive information and is exfiltrating data.
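The following is an added example, not Datadog's rule logic or code from this page: a minimal first-seen-location check that learns each account's usual countries during a learning window and then flags BulkExport events from any other country. The event field names (ts, resource, country), the sample account SIDs and the learning cutoff are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events. Field names and values are assumptions for this
# example, not Twilio's or Datadog's actual log schema.
EVENTS = [
    {"ts": "2024-05-01T09:00:00Z", "account_sid": "AC_EXAMPLE_A", "resource": "Message", "country": "US"},
    {"ts": "2024-05-02T10:30:00Z", "account_sid": "AC_EXAMPLE_A", "resource": "BulkExport", "country": "US"},
    {"ts": "2024-05-03T08:15:00Z", "account_sid": "AC_EXAMPLE_A", "resource": "Call", "country": "CA"},
    {"ts": "2024-05-09T11:00:00Z", "account_sid": "AC_EXAMPLE_A", "resource": "BulkExport", "country": "US"},
    {"ts": "2024-05-09T23:40:00Z", "account_sid": "AC_EXAMPLE_A", "resource": "BulkExport", "country": "BR"},
    {"ts": "2024-05-09T23:45:00Z", "account_sid": "AC_EXAMPLE_A", "resource": "BulkExport", "country": "BR"},
    {"ts": "2024-05-10T01:00:00Z", "account_sid": "AC_EXAMPLE_B", "resource": "BulkExport", "country": "DE"},
    {"ts": "2024-05-10T02:00:00Z", "account_sid": "AC_EXAMPLE_A", "resource": "BulkExport", "country": None},
]

def detect_unusual_bulk_exports(events, learning_end):
    """Flag BulkExport events from a country not seen for that account before learning_end."""
    baseline = defaultdict(set)   # account_sid -> countries seen during learning
    alerted = set()               # (account_sid, country) pairs already reported
    alerts = []
    # ISO-8601 UTC timestamps in one fixed format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        sid, country = ev["account_sid"], ev.get("country")
        if not country:
            continue  # no geolocation: cannot compare against the baseline
        if ev["ts"] < learning_end:
            baseline[sid].add(country)  # any activity counts as a usual location
            continue
        if ev["resource"] != "BulkExport" or country in baseline[sid]:
            continue
        if (sid, country) in alerted:
            continue  # one alert per account and new location
        alerted.add((sid, country))
        alerts.append({
            "ts": ev["ts"], "account_sid": sid, "country": country,
            # An account with no learned locations gives a weaker signal.
            "reason": "new_location" if baseline[sid] else "no_baseline",
        })
    return alerts

if __name__ == "__main__":
    for alert in detect_unusual_bulk_exports(EVENTS, learning_end="2024-05-08T00:00:00Z"):
        print(alert)
```

The baseline is frozen after the learning window, so activity from a new location after the cutoff does not make that location usual for later exports.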

Triage and response

  1. Investigate the other actions performed by the account SID {{@account_sid}}.
  2. Follow the guidelines provided by Twilio.