https://community.cisco.com/t5/network-security/data-exfiltration/m-p/2012925#M55087 <P>How can i detect low and slow data exfiltration with the Cisco IPS?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Sun, 10 Mar 2019 12:42:38 GMT bob.bartlett 2019-03-10T12:42:38Z https://community.cisco.com/t5/network-security/data-exfiltration/m-p/2012925#M55087 <P>How can i detect low and slow data exfiltration with the Cisco IPS?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Sun, 10 Mar 2019 12:42:38 GMT https://community.cisco.com/t5/network-security/data-exfiltration/m-p/2012925#M55087 bob.bartlett 2019-03-10T12:42:38Z https://community.cisco.com/t5/network-security/data-exfiltration/m-p/2012926#M55088 <HTML><HEAD></HEAD><BODY><P>This is a valid question.&nbsp; Let's get some discussion going here.</P><P></P><P>Bob, you wouldn't happen to be talking about 3.H.1. would you?</P></BODY></HTML> Tue, 26 Jun 2012 18:12:21 GMT https://community.cisco.com/t5/network-security/data-exfiltration/m-p/2012926#M55088 chris.cumbaa 2012-06-26T18:12:21Z https://community.cisco.com/t5/network-security/data-exfiltration/m-p/2012927#M55089 <HTML><HEAD></HEAD><BODY><P>Yes I am talking about 3.H.1 also looking at 3.H.1.B I was going to create a custom Signatures that looks for ZIP and RAR files for the compressed files.</P></BODY></HTML> Tue, 26 Jun 2012 18:36:28 GMT https://community.cisco.com/t5/network-security/data-exfiltration/m-p/2012927#M55089 bob.bartlett 2012-06-26T18:36:28Z