Views:
You can investigate sensitive data activity in Observed Attack Techniques to track and mitigate how sensitive data is shared and transmitted in your environment.

Procedure

  1. Go to XDR Threat Investigation > Observed Attack Techniques.
  2. From the Event severity list, select Medium and Low.
    Sensitive data events are either Medium or Low severity.
  3. From the Data source/processor list, select Endpoint and Data Detection and Response.
  4. Use any of the other filters to narrow your search, and then click Apply.
    If there are any sensitive data results, they are listed on the page.
  5. To investigate a particular result, expand the details and then do any of the following:
    • If there are more than two files with sensitive data, click View details to view the entire list.
    • In the Object Group Details area, right-click a file name and select Show detailed profile to view more information about the file, including data type and size and the full URI.
    • To track how the file has been transmitted or shared between endpoints, right-click the file name and select Check Data Lineage to view a graph depicting the file's movements. For more information, see Data Lineage.