Data Exfiltration to Unsanctioned Apps (2b669496-d215-47d8-bd9a-f4a45bf07cda)
Detects when a Microsoft Cloud App Security reported when a user or IP address uses an app that is not sanctioned to perform an activity that resembles an attempt to exfiltrate information from your organization.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Data Exfiltration to Unsanctioned Apps (2b669496-d215-47d8-bd9a-f4a45bf07cda) | Sigma-Rules | Transfer Data to Cloud Account - T1537 (d4bdbdea-eaec-4071-b4f9-5105e12ea4b6) | Attack Pattern | 1 |