Searching for Information
Searching for Information (Windows/Mac)
The following out-of-the-box alert rules are assigned to the (Windows/Mac) Category: SEARCHING FOR INFORMATION.
Alert rule | Description
---|---
Browsing information outlets (WikiLeaks-like) | An alert is triggered upon browsing to information-leak websites such as WikiLeaks in order to either publish or read sensitive information.
Running advanced monitoring or sniffing | An alert is triggered upon running a monitoring or sniffing tool that is part of a predefined list. The use of such tools could indicate a user attempt to obtain information that might be sensitive.
Searching data on Darknet's TOR (The Onion Router) | An alert is triggered upon searching predefined keywords (including the names of tools) related to TOR (The Onion Router), which is part of the Darknet, in web search engines.
Searching data on Dynamic-DNS | An alert is triggered upon searching predefined keywords (including the names of tools) related to Dynamic-DNS tools in web search engines.
Searching data on file transfer (FTP or SFTP) | An alert is triggered upon searching predefined keywords (including the names of tools) related to FTP/SFTP tools in web search engines.
Searching data on hacking or spoofing | An alert is triggered upon searching predefined keywords (including the names of tools) related to hacking or spoofing tools in web search engines.
Searching data on monitoring or sniffing | An alert is triggered upon searching predefined keywords (including the names of tools) related to monitoring or sniffing tools in web search engines.
Searching data on password cracking | An alert is triggered upon searching predefined keywords (including the names of tools) related to password cracking tools in web search engines.
Searching data on Remote Access and Desktop Sharing | An alert is triggered upon searching predefined keywords (including the names of tools) related to remote access and desktop sharing tools in web search engines.
Searching data on steganography | An alert is triggered upon searching predefined keywords (including the names of tools) related to steganography tools in web search engines. Such tools are usually used to conceal text within images, which prevents data exfiltration tools from detecting the data leak.
Searching data on VPN, Proxy or Tunneling | An alert is triggered upon searching predefined keywords (including the names of tools) related to VPN, proxy, or tunneling tools in web search engines.
Searching for technical information on the ObserveIT monitoring solution | An alert is triggered upon browsing to the ITM On-Prem (ObserveIT) website, the official ITM On-Prem (ObserveIT) documentation, or upon opening the folder in which the product is installed. Any of these actions could potentially indicate an attempt to tamper with the monitoring solution.
Searching sensitive files or folders | An alert is triggered upon invoking the built-in search of Windows Explorer on a predefined sensitive file or folder name.
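The "Searching data on ..." rules above all share one mechanism: the search terms a user submits to a web search engine are matched against a predefined keyword list per rule. The following is an added example of that detection logic, not ObserveIT's own code; the keyword lists, the search-engine parameter map and the `user url` log format are constructed for illustration, since the product's real lists are not published on this page.

```python
from urllib.parse import parse_qs, urlparse

# Constructed, illustrative keyword lists; the product's real predefined lists are not on this page.
KEYWORDS = {
    "Searching data on Darknet's TOR": {"tor browser", "onion router"},
    "Searching data on Dynamic-DNS": {"dynamic dns", "ddns"},
    "Searching data on password cracking": {"password cracking", "hashcat"},
    "Searching data on steganography": {"steganography", "steghide"},
    "Searching data on VPN, Proxy or Tunneling": {"vpn", "proxy server", "ssh tunnel"},
}

# Search-engine hosts and the query-string parameter carrying the search terms.
SEARCH_ENGINES = {"www.google.com": "q", "www.bing.com": "q",
                  "duckduckgo.com": "q", "search.yahoo.com": "p"}


def extract_query(url):
    """Return normalised lower-case search terms, or None if not a search-engine URL."""
    parsed = urlparse(url)
    param = SEARCH_ENGINES.get(parsed.netloc.lower())
    if param is None:
        return None
    values = parse_qs(parsed.query).get(param)
    return " ".join(values[0].lower().split()) if values else None


def classify_search(url):
    """Return the alert rules whose keywords occur as whole words/phrases in the query."""
    query = extract_query(url)
    if not query:
        return []
    padded = f" {query} "  # padding keeps 'vpn' from matching inside another word
    return sorted(rule for rule, words in KEYWORDS.items()
                  if any(f" {w} " in padded for w in words))


def alerts_from_log(lines):
    """Map constructed 'user url' log lines to (user, alert rule) pairs."""
    alerts = []
    for line in lines:
        user, url = line.split(" ", 1)
        alerts.extend((user, rule) for rule in classify_search(url))
    return alerts


# Constructed sample web-proxy log, one "user url" entry per line.
SAMPLE_LOG = [
    "alice https://www.google.com/search?q=best+vpn+for+work",
    "bob https://www.bing.com/search?q=how+to+install+tor+browser",
    "carol https://duckduckgo.com/?q=quarterly+sales+report",
    "dave https://example.com/page?q=hashcat",  # not a search engine: no alert
]
```

Whole-word matching keeps false positives down, but it also means a keyword list must enumerate the variants it wants to catch (for example, a single token such as `openvpn` is not matched by `vpn`).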