Forcepoint Security Service Edge multiple DLP events detected for a particular file

This rule is part of a beta feature. To learn more, contact Support.

Set up the forcepoint-security-service-edge integration.

Goal

Identify files containing sensitive data by detecting specific Data Loss Prevention (DLP) patterns to ensure security and compliance.

Strategy

This rule detects files that match DLP patterns so that they can be reviewed immediately and the necessary actions taken to protect the system.

Triage and Response

  1. Check the owner of the file ({{@usr.name}}) and the file's folder location: {{@folder}}.
  2. Review the detected DLP patterns ({{@patterns}}) and take appropriate actions to secure the system. If uncertain, escalate the issue to the administrator.
  3. Review the file directly using the provided drive link: {{@filelink}}.
  4. Inform the file owner about the detected patterns and discuss any immediate concerns. Notify the administrator or security team if further analysis or action is required, or update DLP detection rules or configurations if necessary to improve future accuracy.