Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for applications that detect indicators of data exfiltration through applications such as browser-based interfaces. The disclosed system monitors file system element events related to one or more target applications (such as browsers) through operating system interfaces. Once an event of interest is detected, the system interfaces with the browser to determine a context for the event of interest that may include a URL of a website that the user was visiting corresponding to the file system element event. If the URL is directed towards a prohibited site, a notification may be generated that may be used as a signal to alert an administrator. As used herein, a file system element may include a file, directory, folder, archive, blob, raw storage, metadata, or the like. File system element events may include copying, deleting, modifying, or moving a file system element.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for applications that detect indicators of data exfiltration through applications such as browser-based interfaces. The disclosed system monitors file system element events related to one or more target applications (such as browsers) through operating system interfaces. Once an event of interest is detected, the system interfaces with the browser to determine a context for the event of interest that may include a URL of a website that the user was visiting corresponding to the file system element event. If the URL is directed towards a prohibited site, a notification may be generated that may be used as a signal to alert an administrator. As used herein, a file system element may include a file, directory, folder, archive, blob, raw storage, metadata, or the like File system element events may include copying, deleting, modifying, or moving a file system element.

Abstract: Disclosed in some examples are methods, systems, devices, and machine-readable mediums which monitor for file system element transfers to and from both the endpoint and authorized accounts on network-based service providers (e.g., cloud-based storage). The system uses the capabilities of monitoring both the network-based service and the client computing device to filter out legitimate uploads to authorized network-based services and legitimate downloads to authorized computing devices. By matching events, it filters out events that are likely legitimate, the system may provide more accurate information, notifications, awareness, and unmatched event indications.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for applications that detect indicators of data exfiltration through applications such as browser-based interfaces. The disclosed system monitors file system element events related to one or more target applications (such as browsers) through operating system interfaces. Once an event of interest is detected, the system interfaces with the browser to determine a context for the event of interest that may include a URL of a website that the user was visiting corresponding to the file system element event. If the URL is directed towards a prohibited site, a notification may be generated that may be used as a signal to alert an administrator. As used herein, a file system element may include a file, directory, folder, archive, blob, raw storage, metadata, or the like File system element events may include copying, deleting, modifying, or moving a file system element.