Microsoft Secure Tech Accelerator
Apr 13 2023, 07:00 AM - 12:00 PM (PDT)
Microsoft Tech Community

Finding exfiltrated file names,

Respected Contributor

A client has an employee that has uploaded 53mb via gmail and 41mb to google drive over the past few months and is leaving the company. They may have taken company sensitive data, how can we see the file names using MDCA?

1 Reply

With discovery it will provide the volume of traffic that was uploaded/downloaded but won't include that level of detail. App connectors provide details on the data coming from audit logs, but this would only be for enterprise instances of GCP.