Large Upload (SMTP)

The Large Upload (SMTP) Analytics alert indicates that an endpoint is emailing an excessive amount of data from your network.

Synopsis

1 hour
7 days
None. All limit values are predetermined.
1 day
Traffic logs
Severity
Varies by activity (High, Medium, or Low).

Description

An endpoint is emailing an excessive amount of data from your network, and the endpoint performing the transfer is not an internal SMTP server. The amount of data contained in the email exceeds a predetermined limit.
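The detection described above reduces to three conditions: the traffic is SMTP, the sender is not a known internal mail server, and the bytes sent within the evaluation window exceed a fixed limit. The following is an added illustration of that logic run over constructed traffic-log lines; it is not Cortex XDR code, and the log format, the internal-server address and the byte limit are assumptions made for the example (the vendor's actual limit values are predetermined and not published on this page).

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample traffic log lines (not real product telemetry).
# Format: timestamp,src_ip,dst_ip,dst_port,bytes_sent
SAMPLE_LOGS = """\
2024-05-01T10:02:11Z,10.1.1.20,203.0.113.25,25,4200000
2024-05-01T10:14:38Z,10.1.1.20,203.0.113.25,587,9800000
2024-05-01T10:41:07Z,10.1.1.20,198.51.100.8,465,7100000
2024-05-01T10:05:50Z,10.1.1.5,203.0.113.25,25,60000000
2024-05-01T10:09:19Z,10.1.1.44,203.0.113.25,25,15000
2024-05-01T10:10:02Z,10.1.1.44,203.0.113.9,443,50000000
2024-05-01T13:30:00Z,10.1.1.20,203.0.113.25,25,9000000
"""

# Destination ports treated as SMTP (plain, implicit TLS, submission).
SMTP_PORTS = {25, 465, 587}
# Hosts that are expected to relay mail; the alert excludes internal SMTP
# servers. This address is an assumption for the example.
INTERNAL_SMTP_SERVERS = {"10.1.1.5"}
# Assumed byte limit per host per one-hour window; the real limit is
# predetermined by the vendor and is not given on the page.
LIMIT_BYTES = 20_000_000


def parse_logs(text):
    """Parse the constructed CSV lines into dicts with typed fields."""
    rows = []
    for line in text.strip().splitlines():
        ts, src, dst, port, nbytes = line.split(",")
        rows.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src,
            "dst": dst,
            "port": int(port),
            "bytes": int(nbytes),
        })
    return rows


def detect_large_smtp_uploads(rows, limit=LIMIT_BYTES):
    """Return one alert per (source host, one-hour window) whose SMTP
    bytes sent exceed `limit`, ignoring known internal SMTP servers."""
    totals = defaultdict(int)
    for r in rows:
        if r["port"] not in SMTP_PORTS:
            continue  # not mail traffic
        if r["src"] in INTERNAL_SMTP_SERVERS:
            continue  # sanctioned relay, excluded by the detector
        # Align each record to the start of its one-hour window.
        window_start = r["ts"].replace(minute=0, second=0, microsecond=0)
        totals[(r["src"], window_start)] += r["bytes"]

    alerts = []
    for (src, window_start), total in sorted(totals.items()):
        if total > limit:
            alerts.append({
                "src": src,
                "window_start": window_start.isoformat(),
                "bytes": total,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_large_smtp_uploads(parse_logs(SAMPLE_LOGS)):
        print(f"{alert['src']} sent {alert['bytes']} bytes over SMTP "
              f"in the hour starting {alert['window_start']}")
```

In the sample, 10.1.1.20 accumulates 21,100,000 bytes across three SMTP sessions in the 10:00 hour and is flagged, while 10.1.1.5 is suppressed as an internal mail server and 10.1.1.44's large transfer is ignored because it is HTTPS rather than SMTP. The same host's 13:00 session stays below the limit, which is why the window boundary matters when triaging a hit.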

Attacker's Goals

Transfer data they have stolen from your network to a location that is convenient and useful to them.

Investigative Actions

  • Identify the process/user performing the data transfer to determine if the transfer is sanctioned.
