Apr 28 2020 03:58 AM
Hi we have recently enabled CAS and we have had a "Data Exfiltration to unsanctioned app" alert. One of our users has uploaded a substantial amount of data to Facebook.
How do we look into this to see what has been uploaded? Or can't we?
Thanks
Neil
Apr 28 2020 06:31 AM
Apr 28 2020 07:44 AM
@rajatm Thanks for your reply.
I am assuming there is no way we can correlate the alert with any Defender ATP info and find out what was uploaded, or at least whether it was corporate data?
Apr 28 2020 02:47 PM
Jan 04 2021 06:47 AM
Hello,
Any improvement on these monitoring features?
It would be great to have the filename, the source (e.g. sharepoint or local file), account of the exfiltration platform (e.g. Google drive account if data is exfiltrated to Google), etc.