I am looking for a way to detect encoded (i.e. Base64) text and/or files within DLP. I have a RegEx that generally works, but due to the way Base64 works (primarily alphanumeric characters), it detects far too many false positives. What I am trying to accomplish is to detect all or part of a message/file that is encoded and generate an incident.
Additionally, I am in search of a way to detect non-standard files. For instance, if someone were to append encoded/binary content to the end of a legitimate file type (jpeg, doc, etc.) to exfiltrate data.
If anyone has had any success or suggestions around this, I would greatly appreciate it.
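
An added example, not part of the original post and not any DLP product's own code: one way to cut Base64 false positives is to follow the regex with length, entropy and strict-decode checks, and one way to spot appended content is to walk a JPEG's segments to its real end-of-image marker. The function names, the 40-character floor, the 4.5-bit entropy threshold and the sample bytes are assumptions constructed for illustration; unpadded and URL-safe Base64 are not covered.

```python
import base64, binascii, math, re
from collections import Counter

# 40+ Base64 characters plus optional padding; the length floor is an assumed tuning value.
CANDIDATE = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")
IN_SCAN = {0x00, *range(0xD0, 0xD8)}  # after 0xFF in scan data: stuffed zero or RST0-RST7

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per symbol."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def find_base64(blob: bytes, min_entropy: float = 4.5) -> list:
    """Decode runs that pass length, entropy and strict-decode checks."""
    hits = []
    for run in CANDIDATE.findall(blob):
        # Padded Base64 is a multiple of 4 long; hex digests cap at 4.0 bits of entropy
        # and repetitive text is lower still, so both are dropped here.
        if len(run) % 4 or entropy(run) < min_entropy:
            continue
        try:
            hits.append(base64.b64decode(run, validate=True))
        except binascii.Error:          # malformed padding
            continue
    return hits

def jpeg_trailing_bytes(data: bytes) -> bytes:
    """Walk JPEG segments to the real EOI marker and return whatever follows it."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xD9:              # EOI: anything after this is not image data
            return data[i + 2:]
        if marker == 0xFF:              # fill byte before a marker
            i += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # standalone markers, no length
            i += 2
            continue
        i += 2 + int.from_bytes(data[i + 2:i + 4], "big")  # skips embedded thumbnails too
        if marker == 0xDA:              # SOS: skip entropy-coded scan data
            while i + 1 < len(data) and not (data[i] == 0xFF and data[i + 1] not in IN_SCAN):
                i += 1
    raise ValueError("no EOI marker found")

# Constructed sample: APP1 holding a fake thumbnail EOI, one scan, EOI, then appended Base64.
JPEG_SAMPLE = b"\xff\xd8\xff\xe1\x00\x06\xff\xd9AB" b"\xff\xda\x00\x02\x12\xff\x00\x34\xff\xd9" b"c2VjcmV0"
```

A non-empty result from `jpeg_trailing_bytes` is the signal to raise an incident; the trailing bytes can then be passed to `find_base64` or an entropy check of their own.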