Hello Teams,
I’m a MSSP , my client sent me a issues that their DLP vendor said their solution can only detect data is tried to exfiltrate by http get methods.
I can find Browsing HTTP/HTTPS this channel is using http get response to exfiltrate data to Cymulate.
But, what about other channels?
In attack logs , I can see onedirve、github ,these channels are using API call : PUT https://xxxx.xxxxx
It seems using http put methods , right?
Could you help me to clarified for what http methods will be used in each channels?
That’s my client and their DLP vendor wondering to know , then they will try to optimize their solution.
Best answer by Shiraz
View original