Adversaries may exfiltrate data, such as sensitive documents, through the use of automated processing after it has been gathered during Collection.
When automated exfiltration is used, other exfiltration techniques likely apply as well to transfer the information out of the network, such as Exfiltration Over C2 Channel and Exfiltration Over Alternative Protocol.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
PUR-IP-E5 | Information Protection | Technique Scores | T1020 | Automated Exfiltration | |

Comments

Defender for Cloud Apps file policies allow you to enforce a wide range of automated processes. Policies can be set to provide Information Protection, including continuous compliance scans, legal eDiscovery tasks, and DLP for sensitive content shared publicly.

Information Protection protects against Automated Exfiltration attacks by preventing company data from being exfiltrated by external users: Defender for Cloud Apps session controls block file downloads in real time.

License Requirements:
Microsoft Defender for Office 365 plan 1 and plan 2

Technique ID | Technique Name | Number of Mappings |
---|---|---|
T1020.001 | Traffic Duplication | 20 |