I am looking for a way to detect encoded (i.e. Base64) text and/or files within DLP. I have a RegEx that generally works, but due to the way Base64 works (primarily alphanumeric characters), it detects far too many false positives. What I am trying to accomplish is to detect all or part of a message/file that is encoded and generate an incident.
Additionally, I am in search of a way to detect non-standard files. For instance, if someone were to append encoded/binary content to the end of a legitimate file type (jpeg, doc, etc.) to exfiltrate data.
If anyone has had any success or suggestions around this, I would greatly appreciate it.
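
The two checks asked about above can be sketched as follows. This is an added example, not part of the original post and not any DLP product's rule syntax. It backs the regex with structural checks (length, character-class mix, entropy, strict decode) to cut false positives, and looks for bytes after a JPEG's end-of-image marker. The function names, the 40-character minimum and the 4.5-bit entropy threshold are assumptions to tune.

```python
import base64
import binascii
import math
import re
from collections import Counter

# Runs of 40+ Base64-alphabet characters plus optional padding (length is an assumed threshold).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
JPEG_SOI, JPEG_EOI = b"\xff\xd8", b"\xff\xd9"

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def find_base64(text, min_entropy=4.5):
    """Return decoded payloads for runs that pass structural checks, not just the regex."""
    hits = []
    for m in B64_RUN.finditer(text):
        run = m.group()
        if len(run) % 4:  # padded Base64 is always a multiple of 4 characters long
            continue
        # Plain words, file paths and lowercase hex digests rarely mix all three classes.
        if not (re.search(r"[a-z]", run) and re.search(r"[A-Z]", run) and re.search(r"\d", run)):
            continue
        if entropy(run) < min_entropy:  # repetitive filler scores low
            continue
        try:
            hits.append(base64.b64decode(run, validate=True))
        except binascii.Error:
            continue
    return hits

def jpeg_trailing_bytes(data):
    """Return the bytes after the last JPEG end-of-image marker, or b'' if there are none."""
    if not data.startswith(JPEG_SOI):
        return b""
    # Heuristic: the last FF D9 is used because embedded thumbnails carry their own marker;
    # appended binary that itself contains FF D9 is therefore only partly reported.
    end = data.rfind(JPEG_EOI)
    return b"" if end == -1 else data[end + 2:]

if __name__ == "__main__":
    # Constructed sample: a minimal JPEG-like byte string with Base64 text appended.
    appended = base64.b64encode(bytes(range(48)))
    sample = JPEG_SOI + b"\x00" * 16 + JPEG_EOI + appended
    tail = jpeg_trailing_bytes(sample)
    print(len(tail), find_base64(tail.decode("latin-1")))
```

Other container formats need their own end-of-file rule (for example a PNG's IEND chunk); the JPEG check here covers only the one file type.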