Unauthorized Data Access
Unauthorized Data Access (Windows/Mac)
The following out-of-the-box alert rules are assigned to the (Windows/Mac) Category: UNAUTHORIZED DATA ACCESS.
|
ALERT RULE |
Description |
|---|---|
| Accessing sensitive folder |
An alert is triggered upon opening in Windows Explorer a folder which is included in black-listed unauthorized folders. |
| Accessing Social Media Sites from Server |
An alert is triggered upon browsing to Social Media Sites on a machine that functions as a server. This action could indicate an intent to steal sensitive information from the server, or to download files/folders to this server. |
| Accessing system folders |
An alert is triggered upon opening in Windows Explorer one of the system folders as defined in external list. |
| Invoking Mac authentication service dialog |
An alert is triggered upon performing an action on Mac that requires administrative privileges to be set via the authentication service dialog. |
| Trying to access a system that requires credentials |
An alert is triggered whenever the Windows Security popup that prompts for entering credentials is displayed to the user. This happens upon trying to access a web-based system or a folder that requires credentials. |
| Viewing or editing sensitive documents on Mac |
An alert is triggered upon viewing or editing sensitive documents on Mac via document editing tools. It builds on the [CMD-P] for the Print event but combines it with the application for editing documents - either Numbers or Microsoft Word (can be added) |