Tag
medium
advisory
Google Workspace Drive Data Transfer or Takeout Export Initiated
2 rules, 2 TTPs
This rule detects when Google Workspace administrators initiate bulk movement or export of user Drive data, including admin data transfer requests and Customer Takeout export jobs, which can be abused by adversaries with administrative access to stage or exfiltrate sensitive files.
Google Workspace +1
google_workspace
data_exfiltration
cloud
high
advisory
ESXi Firewall Disabled Detection
2 rules
This detection identifies when the ESXi firewall is disabled or set to permissive mode, potentially exposing the host to unauthorized access and network-based attacks, often preceding lateral movement, data exfiltration, or malware installation.
ESXi +3
firewall
lateral_movement
data_exfiltration
ransomware
attack.defense_evasion