Skip to main content
Splunk Lantern

Finding large web uploads


Data exfiltration usually occurs over standard channels in most organizations because users upload data to Google, Dropbox, Box, smaller file sharing sites, or unlisted drop sites. Since HTTPS is always allowed out, exfiltration becomes easy. You want to protect your organization by finding large file uploads that could point to data exfiltration in your network.

Data required

Proxy data 

How to use Splunk software for this use case

To optimize the search shown in the video, you should specify an index. In addition, this sample search uses Websense proxy data. You can replace this source with any other proxy data used in your organization.

Next steps

For more great content from the Splunk Education and Training team, check out Splunk How-To on YouTube or sign up for a course

Still need help with this use case? Most customers have OnDemand Services per their license support plan. Engage the ODS team at if you require assistance.