Data leaked to unauthorized entities

In this scenario, an organization is alerted that sensitive data was leaked to unauthorized entities within the organization or to external parties.

Objective

In these investigations, the organization has the following objectives:

  • Determine the nature and the amount of leaked data.
  • Understand the techniques that were employed.
  • Uncover the perpetrators.
  • Identify the source of the leak.

Investigation

Use the tools on the Forensics tab to help you investigate.

[Image: the options available in the Forensics tab to help you investigate the problem. The image links to more information about document search, pivoting data, data reconstruction, Surveyor, and Digital Impression in QRadar Incident Forensics.]

  1. Use free-form search to find identifiers of the data that was leaked.
  2. Examine suspect content that is flagged by the product.
  3. Use data reconstruction to review the full extent of the data that was leaked or is still being leaked.
  4. Use Digital Impression and visualizations to explore all involved entity relationships.
  5. Use Surveyor to see a timeline of activities so that you can retrace an attack.
  6. Use free-form search to discover the motivations for the data leak.
  7. Use data-pivoting to find linkages to other data that was possibly leaked.