I would like to have a rule that tells me if a user has uploaded 100 or more documents to a storage space like Dropbox, OneDrive or Gdrive.

It would also be helpful if I could get the C classifications for the documents, i.e. C3 & C4.

Can anybody point me in the right direction for how I may do this?

Good afternoon, 


A good example for this is from our community rules https://github.com/chronicle/detection-rules/blob/main/rules/community/workspace/google_workspace_multiple_files_downloaded_from_google_drive.yaral


This is capturing downloads from Google Workspace; however, the logic could be applied to uploads and the condition section refactored, e.g. #e > 100


Classification: I know that within Google Workspace we capture document attributes such as classification etc. I will have a look around for any examples I may have.


Regards 


Swifty  


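The count-over-a-time-window logic discussed in this thread, as an added Python simulation (not code from the thread or from the linked community rule): it groups upload events per user, counts distinct documents in a sliding window, alerts at 100 or more, and tallies the classification labels. The event field names, destination labels and the one-hour window are assumptions made for the example, and the sample events are constructed.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 100                  # "100 or more documents" from the question
WINDOW = timedelta(hours=1)      # assumption: the thread does not give a window
STORAGE = {"dropbox", "onedrive", "gdrive"}   # constructed destination labels

def detect_bulk_uploads(events, threshold=THRESHOLD, window=WINDOW):
    """Alert the first time a user reaches `threshold` distinct uploaded
    documents inside a sliding `window` (one alert per user, for brevity)."""
    recent = defaultdict(deque)  # user -> (ts, doc_id, classification)
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["ts"]):  # logs may arrive out of order
        if ev["action"] != "upload" or ev["dest"] not in STORAGE:
            continue
        q = recent[ev["user"]]
        q.append((ev["ts"], ev["doc_id"], ev.get("classification", "unlabelled")))
        while ev["ts"] - q[0][0] > window:            # expire events outside window
            q.popleft()
        docs = {doc: cls for _, doc, cls in q}        # re-uploads of one doc count once
        if len(docs) >= threshold and ev["user"] not in alerted:
            alerted.add(ev["user"])
            alerts.append({"user": ev["user"], "distinct_docs": len(docs),
                           "window_start": q[0][0], "window_end": ev["ts"],
                           "by_classification": dict(Counter(docs.values()))})
    return alerts

def sample_events():
    """Constructed events; field names are illustrative, not UDM fields."""
    t0 = datetime(2024, 1, 1, 9, 0)
    def ev(user, action, dest, doc, minutes, cls="C3"):
        return {"ts": t0 + timedelta(minutes=minutes), "user": user,
                "action": action, "dest": dest, "doc_id": doc, "classification": cls}
    out = []
    for i in range(100):   # alice: 100 distinct docs in under 50 minutes -> alert
        out.append(ev("alice", "upload", "dropbox", f"a-{i}", i * 0.5,
                      "C4" if i % 4 == 0 else "C3"))
    for i in range(120):   # bob: 120 uploads of the same 10 docs -> no alert
        out.append(ev("bob", "upload", "onedrive", f"b-{i % 10}", i * 0.25))
    for i in range(100):   # carol: 100 distinct docs spread over 5 hours -> no alert
        out.append(ev("carol", "upload", "gdrive", f"c-{i}", i * 3))
    for i in range(150):   # dave: downloads only, ignored by an upload rule
        out.append(ev("dave", "download", "gdrive", f"d-{i}", i * 0.2))
    return out

if __name__ == "__main__":
    for alert in detect_bulk_uploads(sample_events()):
        print(alert)
```

Counting distinct documents rather than raw events keeps repeated syncs of the same file from tripping the threshold; a slow uploader like the constructed "carol" case is only caught by widening the window.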