Citrix Analytics for Security

Data Exfiltration

October 31, 2023

Contributed by:

Printing from SaaS apps

This occurs when a file is printed from a SaaS application from which printing is not allowed. It detects potential data exfiltration by printing operations in SaaS applications.

Details

Data Source: Apps and Desktops (Citrix Enterprise Browser)

CAS query

Event-Type = "App.SaaS.File.Print" AND SaaS-App-Name = "<App-Name>"
<!--NeedCopy-->

Sigma signature

author: Citrix
date: 2023/01/31
description: Printing from SaaS apps
detection:
  condition: selection and not filter_null and filter_saas_app_name
  filter_saas_app_name:
  - saas_app_name: '<App-Name>'
  filter_null:
  - saas_app_name: null
  selection:
  - occurrence_event_type: App.SaaS.File.Print
logsource:
  product: citrixanalytics
  service: security
title: Printing from SaaS apps
<!--NeedCopy-->

Clipboard usage on SaaS apps

This occurs when a cut, copy, or paste activity is done from any SaaS application. It detects potential data exfiltration from SaaS applications in your organization by monitoring the clipboard operations.

Details

Data Source: Apps and Desktops (Citrix Enterprise Browser)

CAS query

Event-Type = "App.SaaS.Clipboard" AND Clipboard-Result = "success" AND Clipboard-Operation IN ( "copy" , "cut" )
<!--NeedCopy-->

Sigma signature

author: Citrix
date: 2023/01/31
description: Clipboard usage on SaaS apps
detection:
  condition: selection and not filter_null and filter_clipboard_details_result and filter_clipboard_operation
  filter_clipboard_details_result:
  - clipboard_details_result: 'success'
  filter_clipboard_operation:
  - clipboard_operation: ['cut', 'copy', '<Other Operation>']
  filter_null:
  - clipboard_operation: null
  - clipboard_details_result: null
  selection:
  - occurrence_event_type: App.SaaS.Clipboard
logsource:
  product: citrixanalytics
  service: security
title: Clipboard usage on SaaS apps
<!--NeedCopy-->

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Data Exfiltration

October 31, 2023

Contributed by:

October 31, 2023

Contributed by:

Data Exfiltration

Printing from SaaS apps

Details

CAS query

Sigma signature

Clipboard usage on SaaS apps

Details

CAS query

Sigma signature

In this article