+8Hello everyone
Looking for guidance on detecting potential data exfiltration to external (USB/removable) drives. Has anyone built a YARA rule for identifying such activity
Open to examples or best practices for monitoring file transfers to removable media.
thanks in advance
+12You will need to enable audit logging for removable media in GPO, or collect the events from a DLP.
There are some good starter examples in MITRE detections page ; https://attack.mitre.org/techniques/T1052/001/
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
