Data exfiltration usually occurs over standard channels in most organizations because users upload data to Google, Dropbox, Box, smaller file sharing sites, or unlisted drop sites. Since HTTPS is always allowed out, exfiltration becomes easy. You want to protect your organization by finding large file uploads that could point to data exfiltration in your network.
How to use Splunk software for this use case
To optimize the search shown in the video, you should specify an index. In addition, this sample search uses Websense data. You can replace this source with any other proxy data used in your organization.
Next steps
This article has been brought to you by Splunk Education. We’ve learned that the strongest superheroes up-skill with Splunk Education. That’s why we are making Splunk training easier and more accessible than ever with more than 20 self-paced, free eLearning courses. You can start with foundational courses like Intro to Splunk or dive into more advanced courses like Search Under the Hood, Result Modification, and many more. Enroll today so you have the skills to detect the good, the bad, and the unproductive.
For more great content from the Splunk Education team, check out Splunk How-To on YouTube or sign up for a course.
Splunk OnDemand Services: Use these credit-based services for direct access to Splunk technical consultants with a variety of technical services from a pre-defined catalog. Most customers have OnDemand Services per their license support plan. Engage the ODS team at ondemand@splunk.com if you would like assistance.
