Data Infiltration

Data Infiltration (Bringing in Troubles) (Windows/Mac)

The following out-of-the-box alert rules are assigned to the (Windows/Mac) Category: DATA INFILTRATION.

| ALERT RULE | Description |
|---|---|
| Browsing software download sites | An alert is triggered upon browsing websites that are dedicated to downloading software, potentially in order to download and then install it. |
| Browsing harmful, risky or contaminating sites | An alert is triggered upon browsing to websites that are categorized as risky from various security aspects. |
| Downloading file from a site dedicated to downloads | An alert is triggered upon downloading a file from a website that is categorized as a download website. |
| Downloading file from cloud storage service site | An alert is triggered upon downloading a file from a website that is categorized as a Storage site. |
| Downloading file from infected or malicious site | An alert is triggered upon downloading a file from a website that is categorized as an infected or malicious website. |
| Downloading file with potentially malicious extension | An alert is triggered upon downloading a file whose extension is on the list of potentially malicious file extensions. |
| Using FTP or SFTP protocol in browser | An alert is triggered upon browsing an FTP/SFTP site via the browser, by using the FTP/SFTP protocol in the URL address field, potentially in order to download files/folders. |

Data Infiltration (Bringing in Troubles) (Unix/Linux)

The following out-of-the-box alert rules are assigned to the (Unix/Linux) Category: DATA INFILTRATION.

| ALERT RULE | Description |
|---|---|
| Copying files from remote servers to sensitive system folders via SFTP | An alert is triggered when a file from a remote server is copied to a sensitive system folder via SFTP. |
| Prevent the copying of files from remote servers to sensitive system folders via SFTP (inactive) | An alert is triggered when a file from a remote server is copied to a sensitive system folder via SFTP. Note that this rule is inactive by default as it contains a preventive action. |