Suspicious User Activity

Technical Library | Support

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Predefined Policies and Classifiers > Data Loss Prevention policies > Data Theft Risk Indicators > Suspicious User Activity

Suspicious User Activity

Predefined Policies and Classifiers | Data Security Solutions | Version 7.8.x

Data Sent During Unusual Hours (starting with v7.8.3)

Detects data that is sent at an unusual time. You define what is considered an unusual time in the script classifier, Unusual Hours. Each rule in this policy target a different type of data, such as Office or archive files.

Example: If you define working days in the classifier as Monday-Friday and unusual hours as 9pm-5am, then data sent on Saturday, Sunday, or during the working week between 9 p.m. and 5 a.m. triggers this policy.

Unusual Hours: Source Code C family or Java

Unusual Hours: Confidential in Header/Footer

Unusual Hours: Office Files Over time

Unusual Hours: Archive Files

Policy for the detection of database files. The rules for this policy are:

DB File: Ability Office format

DB File: dBase format

DB File: Filemaker format

DB File: Lotus Notes NSF format

DB File: MORE format

DB File: MS Access format

DB File: MS Works for DOS format

DB File: MS Works for Mac format

DB File: MS Works for Windows format

DB File: Paradox format

Email to Competitors (starting with v7.8.2)

A policy for detecting email messages that are being sent from one's corporate email address to his or her personal email address. The rules for this policy are:

Email to Competitors

Contact Information to Competitors

Encrypted Attachment to Competitors

Malicious Concealment

Policy for detection of content suspected to be manipulated to avoid detection.This may cause false positives. The rules for this policy are:

Manipulated Content - L33T

Manipulated Content - Reversed Text

Manipulated Content - ROT13

Manipulated Content - Upside Down Text

Manipulated Content (Default)

Manipulated Content (Narrow)

Manipulated Content (Wide)

Password Dissemination

Detects content suspected to be a password in clear text. The rules for this policy are:

Password dissemination

Password dissemination for Web traffic

Password Dissemination: Common Passwords without term

Suspected Mail to Self (starting with v7.8.2)

Policy for detecting email messages that are being sent from one's corporate email address to his or her personal email address. The rule for this policy is also called:

Suspected Mail to Self

Unknown File Formats Over Time (starting with v7.8.3)

Detects when unencrypted binary files of unknown formats are being sent repeatedly over a period of time. (Websense-supported file types do not trigger this policy.)

For example: If 20 unencrypted files of an unknown format are sent during 1 hour, this policy is triggered. Thresholds are set in the Wide or Default rule.

Unknown file formats over time (Wide)

Unknown file formats over time (Default)

Unknown file formats over time (Narrow)

Unknown file formats over time to uncategorized sites

User Traffic Over Time

Policy for detection of suspicious behavior of users by measuring the rate and type of transactions over time. This may cause false positives. The rules for this policy are:

User Traffic Over Time: Specific Attachments

User Traffic Over Time: CV

User Traffic Over Time: Source Codes

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Predefined Policies and Classifiers > Data Loss Prevention policies > Data Theft Risk Indicators > Suspicious User Activity

Copyright 2016 Forcepoint LLC. All rights reserved.