Forum Discussion
Acting on policy alert - Data Exfiltration
Hi we have recently enabled CAS and we have had a "Data Exfiltration to unsanctioned app" alert. One of our users has uploaded a substantial amount of data to Facebook. How do we look into this to ...
rajatm Thanks for your reply.
I am assuming there is no way we can correlate the alert with any Defender ATP info and find out what was uploaded, or at least whether it was corporate data?
I do not think that's possible but my knowledge of MDATP is limited. Apologies.
Hello,
Any improvement on these monitoring features?
It would be great to have the filename, the source (e.g. sharepoint or local file), account of the exfiltration platform (e.g. Google drive account if data is exfiltrated to Google), etc.
