Forum Discussion

Dalesh07's avatar
Dalesh07
Copper Contributor
Mar 20, 2024

Purview Insider RIsk Management - File upload to cloud False Detection

In Purview Insider Risk Management, we have a Data Leaks policy where one of the triggering events is File Uploads to the Web/Cloud. We have frequently observed instances of File Upload to Web events being captured by Purview, which appear to be false detections.

For instance, we received an alert that detected over 6,000 file upload events. However, upon examining the object IDs, it was found that these were temporary files from the user’s machine’s recycle bin being synced to google.com.

Could anyone provide a comprehensive explanation of how the Purview Browser extension is capturing these upload events? This understanding will help us refine our detection mechanisms and improve the accuracy of our alerts.

No RepliesBe the first to reply