This is a DLP policy template that you can implement easily in the Nightfall platform.
Description | Detect when a user downloads more than 5 files containing US PII in 24 hours |
---|---|
Integration | Google Drive |
Use Case | Prevent Data Exfiltration |
Output Settings | Alert admins in Slack or Email, recommend configuring alerting to SIEM, and alert end-user with remediation instructions and educational messaging to proper handling of sensitive data to prevent future exfiltration events. |
Inclusions | Select user drives, shared drives, and user groups you want to monitor. |
Exclusions | Select drives you don't want to monitor. |
These are the detection rules that will be applied within this policy, defining what types of sensitive data the policy is looking for.