# data_protection.yml (forked from splunk/security_content)
name: Data Protection
id: 91c676cf-0b23-438d-abee-f6335e1fce33
version: 1
date: '2017-09-14'
author: Bhavin Patel, Splunk
description: Fortify your data-protection arsenal, while continuing to ensure data
  confidentiality and integrity, with searches that monitor for and help you investigate
  possible signs of data exfiltration.
narrative: Attackers can leverage a variety of resources to compromise or exfiltrate
  enterprise data. Common exfiltration techniques include remote-access channels
  (low-risk, high-payoff active-collection operations) and close-access operations
  using insiders and removable media. While this Analytic Story is not a comprehensive
  listing of all the methods by which attackers can exfiltrate data, it provides a
  useful starting point.
references:
- https://www.cisecurity.org/controls/data-protection/
- https://www.sans.org/reading-room/whitepapers/dns/splunk-detect-dns-tunneling-37022
- https://umbrella.cisco.com/blog/2013/04/15/on-the-trail-of-malicious-dynamic-dns-domains/
tags:
  category:
  - Abuse
  product:
  - Splunk Enterprise
  - Splunk Enterprise Security
  - Splunk Cloud
  usecase: Security Monitoring
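The description above says this story bundles searches that monitor for signs of data exfiltration, and two of its references concern DNS tunneling. The following is an added example, not code from splunk/security_content or from this fork: a DNS-tunneling heuristic of the kind such a search implements, run in Python over constructed DNS query logs so it can be executed offline. In a Splunk deployment the same logic would be an SPL search over DNS query data. The log format, the thresholds, the two-of-three scoring rule, and the "last two labels" registered-domain split are all assumptions made for the demo.

```python
"""Added example (not part of splunk/security_content): DNS-tunneling heuristic.

Scores each registered domain seen in a batch of DNS query logs on three
signals that encoded-payload tunnels tend to show:
  * long subdomains      (the payload rides in the leftmost labels),
  * high-entropy subdomains (encoded or encrypted data), and
  * almost every query carrying a never-before-seen subdomain
    (each chunk needs a fresh name so resolver caches never answer it).
"""
import math
from collections import Counter, defaultdict

# Constructed sample log, format "<timestamp> <client_ip> <qtype> <query>".
# exfil-test.net carries six distinct 32-hex-character labels (a tunnel);
# example.com is ordinary browsing; example.org is a long CDN-style name
# repeated many times (one signal fires, so it must NOT be flagged).
SAMPLE_LOGS = """\
2017-09-14T10:00:01Z 10.1.2.3 A www.example.com
2017-09-14T10:00:02Z 10.1.2.3 A mail.example.com
2017-09-14T10:00:03Z 10.1.2.4 A www.example.com
2017-09-14T10:00:04Z 10.1.2.4 A www.example.com
2017-09-14T10:00:05Z 10.1.2.5 A api.example.com
2017-09-14T10:00:06Z 10.1.2.5 A login.example.com
2017-09-14T10:00:07Z 10.1.2.5 A cdn.example.com
2017-09-14T10:00:08Z 10.1.2.3 A x7f3a9c2b1d.assets.example.org
2017-09-14T10:00:09Z 10.1.2.4 A x7f3a9c2b1d.assets.example.org
2017-09-14T10:00:10Z 10.1.2.5 A x7f3a9c2b1d.assets.example.org
2017-09-14T10:00:11Z 10.1.2.6 A x7f3a9c2b1d.assets.example.org
2017-09-14T10:00:12Z 10.1.2.7 A x7f3a9c2b1d.assets.example.org
2017-09-14T10:00:13Z 10.1.2.9 TXT 0123456789abcdef0123456789abcdef.exfil-test.net
2017-09-14T10:00:13Z 10.1.2.9 TXT fedcba9876543210fedcba9876543210.exfil-test.net
2017-09-14T10:00:14Z 10.1.2.9 TXT 02468ace13579bdf02468ace13579bdf.exfil-test.net
2017-09-14T10:00:14Z 10.1.2.9 TXT 13579bdf02468ace13579bdf02468ace.exfil-test.net
2017-09-14T10:00:15Z 10.1.2.9 TXT 0f1e2d3c4b5a69780f1e2d3c4b5a6978.exfil-test.net
2017-09-14T10:00:15Z 10.1.2.9 TXT 8796a5b4c3d2e1f08796a5b4c3d2e1f0.exfil-test.net
"""

# Thresholds are assumptions for the demo; tune them against your own baseline.
MIN_QUERIES = 5          # too few queries to judge a domain at all
LONG_SUBDOMAIN = 30      # average subdomain length, in characters
HIGH_ENTROPY = 3.5       # average Shannon entropy of the subdomain, in bits
HIGH_UNIQUE_RATIO = 0.9  # share of queries whose subdomain is distinct


def parse_logs(text):
    """Yield (client_ip, qtype, query) from the constructed log format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield parts[1], parts[2], parts[3].lower().rstrip(".")


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_domain(fqdn):
    """Return (subdomain, registered_domain).

    Assumes the registered domain is the last two labels. A production search
    would use the public suffix list so names under e.g. co.uk split correctly.
    """
    labels = fqdn.split(".")
    if len(labels) < 3:
        return "", fqdn
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def score_domains(text):
    """Compute the three tunnelling signals per registered domain."""
    by_domain = defaultdict(list)
    for _client, _qtype, query in parse_logs(text):
        sub, dom = split_domain(query)
        by_domain[dom].append(sub)
    scores = {}
    for dom, subs in by_domain.items():
        n = len(subs)
        m = {
            "queries": n,
            "avg_len": sum(len(s) for s in subs) / n,
            "avg_entropy": sum(shannon_entropy(s) for s in subs) / n,
            "unique_ratio": len(set(subs)) / n,
        }
        signals = [
            m["avg_len"] > LONG_SUBDOMAIN,
            m["avg_entropy"] > HIGH_ENTROPY,
            m["unique_ratio"] >= HIGH_UNIQUE_RATIO,
        ]
        # Any single signal fires on benign traffic (CDN hostnames are long and
        # often high-entropy), so require two of three plus enough volume.
        m["suspicious"] = n >= MIN_QUERIES and sum(signals) >= 2
        scores[dom] = m
    return scores


def flag_tunneling(text):
    """Registered domains that look like DNS tunnels, sorted for stable output."""
    return sorted(d for d, m in score_domains(text).items() if m["suspicious"])


if __name__ == "__main__":
    for dom, m in sorted(score_domains(SAMPLE_LOGS).items()):
        print(f"{dom:16} queries={m['queries']:2d} avg_len={m['avg_len']:5.1f} "
              f"entropy={m['avg_entropy']:4.2f} unique={m['unique_ratio']:.2f} "
              f"suspicious={m['suspicious']}")
    print("flagged:", flag_tunneling(SAMPLE_LOGS))
```

Run stand-alone it prints one line per domain and flags only exfil-test.net; example.org exceeds the entropy threshold but nothing else, which is exactly the false positive the two-of-three rule is there to suppress. When porting this to a Splunk search, the per-domain aggregation becomes a stats clause over the DNS query field and the thresholds become where-clause filters, and the constructed format here should be replaced by your DNS data source's actual fields.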