This is a DLP policy template that you can implement easily in the Nightfall platform.
| Field | Setting |
|---|---|
| Description | Detect when a user downloads more than 5 files containing secrets such as API keys in 24 hours |
| Integration | Google Drive |
| Use Case | Prevent Data Exfiltration |
| Output Settings | Alert admins in Slack or email; configure alerting to a SIEM (recommended); alert the end user with remediation instructions and educational messaging on the proper handling of sensitive data, to prevent future exfiltration events. |
| Inclusions | Select the user drives, shared drives, and user groups you want to monitor. |
| Exclusions | Select the drives you don't want to monitor. |
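The Description row is a rolling threshold: more than 5 distinct secret-bearing files downloaded by one user within any 24-hour window. As an added example (not Nightfall's code or output), this Python sketch evaluates that rule over constructed Google Drive download events; the event shape, field names and the `API_KEY` finding label are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # rolling window from the policy description
THRESHOLD = 5                 # "more than 5 files": alert on the 6th distinct file

# Constructed sample events (not real Nightfall output): one row per Google Drive
# download already scanned by the policy's detectors; "findings" lists detector hits.
SAMPLE_EVENTS = [
    # alice: six distinct secret-bearing files within one hour, one downloaded twice
    {"ts": "2024-05-01T09:00:00", "user": "alice@example.com", "file_id": "f1", "findings": ["API_KEY"]},
    {"ts": "2024-05-01T09:05:00", "user": "alice@example.com", "file_id": "f1", "findings": ["API_KEY"]},
    {"ts": "2024-05-01T09:10:00", "user": "alice@example.com", "file_id": "f2", "findings": ["API_KEY"]},
    {"ts": "2024-05-01T09:20:00", "user": "alice@example.com", "file_id": "f3", "findings": ["API_KEY"]},
    {"ts": "2024-05-01T09:30:00", "user": "alice@example.com", "file_id": "f4", "findings": ["API_KEY"]},
    {"ts": "2024-05-01T09:40:00", "user": "alice@example.com", "file_id": "f5", "findings": ["API_KEY"]},
    {"ts": "2024-05-01T10:00:00", "user": "alice@example.com", "file_id": "f6", "findings": ["API_KEY"]},
    # bob: six flagged files spaced six hours apart, so no 24h window holds more than five
    *[{"ts": (datetime(2024, 5, 1) + timedelta(hours=6 * i)).isoformat(), "user": "bob@example.com",
       "file_id": f"b{i}", "findings": ["API_KEY"]} for i in range(6)],
    # carol: a clean file (no detector hits) never counts toward the threshold
    {"ts": "2024-05-01T12:00:00", "user": "carol@example.com", "file_id": "c1", "findings": []},
]


def find_exfiltration_alerts(events, threshold=THRESHOLD, window=WINDOW):
    """Return [(user, ts)] for each user at the first moment the number of distinct
    secret-bearing files they downloaded within `window` exceeds `threshold`."""
    recent = defaultdict(deque)  # user -> deque of (datetime, file_id), oldest first
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not ev["findings"]:
            continue  # no secrets in this file: irrelevant to this policy
        user, ts = ev["user"], datetime.fromisoformat(ev["ts"])
        window_events = recent[user]
        window_events.append((ts, ev["file_id"]))
        while ts - window_events[0][0] > window:  # drop downloads older than the window
            window_events.popleft()
        distinct = {fid for _, fid in window_events}  # re-downloading one file counts once
        if len(distinct) > threshold and user not in alerted:
            alerted.add(user)  # one alert per user per run; admins follow up from there
            alerts.append((user, ev["ts"]))
    return alerts


if __name__ == "__main__":
    for user, ts in find_exfiltration_alerts(SAMPLE_EVENTS):
        print(f"ALERT {user}: exceeded {THRESHOLD} secret-bearing downloads in 24h at {ts}")
```

Tightening the threshold or widening the window changes which users trip the rule, which is the tuning an admin does before wiring the alerts to Slack, email or the SIEM.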
These are the detection rules that will be applied within this policy, defining what types of sensitive data the policy is looking for.