–

Alert

DLP: Sensitive information message was sent (DlpRuleMatch)

SK4 unified event:

Security Threat Detected

Connector/Service

Office 365/Exchange

SK4 Version:

2.3.105 Created Date:

Mon Jan 21 2019 15:57:37 GMT+0000 (Coordinated Universal Time)

Last Update:

Tue Jun 18 2019 11:12:09 GMT+0000 (Coordinated Universal Time)

Security Alert

Description

A security alert has been detected. A message was sent by email from an internal email address to an external email address.

Search query

SPLUNK

cef_vendor="skyformation" cef_name="security-threat-detected" destinationServiceName="Office 365" sourceServiceName="Exchange" fileType="message" act="send-mail" dpriv="DLP"

Parsed CEF

SkyFormation Header Data Columns

Unparsed raw data

Expand to see an example...

Supported also on

Admin Panel

–