Data Loss Prevention - M1057 (65401701-019d-44ff-b223-08d520bb0e7b)

Use a data loss prevention (DLP) strategy to categorize sensitive data, identify data formats indicative of personal identifiable information (PII), and restrict exfiltration of sensitive data.(Citation: PurpleSec Data Loss Prevention)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Exfiltration Over Webhook - T1567.004 (43f2776f-b4bd-4118-94b8-fee47e69676d)	Attack Pattern	Data Loss Prevention - M1057 (65401701-019d-44ff-b223-08d520bb0e7b)	Course of Action	1
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Data Loss Prevention - M1057 (65401701-019d-44ff-b223-08d520bb0e7b)	Course of Action	1
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Data Loss Prevention - M1057 (65401701-019d-44ff-b223-08d520bb0e7b)	Course of Action	1
Data Loss Prevention - M1057 (65401701-019d-44ff-b223-08d520bb0e7b)	Course of Action	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	1
Data Loss Prevention - M1057 (65401701-019d-44ff-b223-08d520bb0e7b)	Course of Action	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	1
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	Data Loss Prevention - M1057 (65401701-019d-44ff-b223-08d520bb0e7b)	Course of Action	1
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	Data Loss Prevention - M1057 (65401701-019d-44ff-b223-08d520bb0e7b)	Course of Action	1
Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	Data Loss Prevention - M1057 (65401701-019d-44ff-b223-08d520bb0e7b)	Course of Action	1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Data Loss Prevention - M1057 (65401701-019d-44ff-b223-08d520bb0e7b)	Course of Action	1
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Data Loss Prevention - M1057 (65401701-019d-44ff-b223-08d520bb0e7b)	Course of Action	1
Transfer Data to Cloud Account - T1537 (d4bdbdea-eaec-4071-b4f9-5105e12ea4b6)	Attack Pattern	Data Loss Prevention - M1057 (65401701-019d-44ff-b223-08d520bb0e7b)	Course of Action	1
Exfiltration Over Webhook - T1567.004 (43f2776f-b4bd-4118-94b8-fee47e69676d)	Attack Pattern	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	2
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	2
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	2
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	2