Product: Incapsula
Use-Case: Data Leak
| Rules | Models | MITRE TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 6 | 3 | 3 | 2 | 2 |
| Event Type | Rules | Models |
|---|---|---|
| web-activity-allowed | T1030 - Data Transfer Size Limits ↳ A-WEB-EXFIL-ASSET: Large amount of data exfiltrated from host ↳ WEB-New-File-20: User with no web activity history has uploaded 20MB or more T1071.001 - Application Layer Protocol: Web Protocols ↳ WEB-OUa-Browser-F: First activity using this web browser for the organization ↳ WEB-FS: User has accessed a file sharing domain ↳ WEB-OU-FS: One of the top file sharing users in the organization ↳ WEB-OG-FS: One of the top file sharing users in the peer group T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage ↳ WEB-FS: User has accessed a file sharing domain ↳ WEB-OU-FS: One of the top file sharing users in the organization ↳ WEB-OG-FS: One of the top file sharing users in the peer group |
• WEB-OG-FS: File sharing activities of users in the peer group • WEB-OU-FS: File sharing activities of users in the organization • WEB-OUa-Browser-New: Top web browsers being used in this organization |