Dalesh07
Mar 20, 2024
Copper Contributor
Purview Insider Risk Management - File upload to cloud False Detection
In Purview Insider Risk Management, we have a Data Leaks policy where one of the triggering events is File Uploads to the Web/Cloud. We have frequently observed instances of File Upload to Web events being captured by Purview, which appear to be false detections.
For instance, we received an alert that detected over 6,000 file upload events. However, upon examining the object IDs, it was found that these were temporary files from the user’s machine’s recycle bin being synced to google.com.
Could anyone provide a comprehensive explanation of how the Purview Browser extension is capturing these upload events? This understanding will help us refine our detection mechanisms and improve the accuracy of our alerts.