Data Loss Prevention


Need your support: Microsoft Graph API which bypasses the DLP


    Posted Oct 10, 2022 08:42 AM
    Hello Broadcom team,

    Customer observed through the Graph API Command from which they bypass the Data. Please assist the same for control.

    The customer has blocked file access in the GUI for the users. However, he wants to block sharing from the CLI as well. Please find the detailed explanation below:

    For example:

    Please find below the demonstration of data exfiltration via OneDrive using the Microsoft Graph API, which bypasses the DLP.

    1) As can be seen below, when we try to upload aadhar.txt (encapsulated with Aadhaar card numbers) to a personal OneDrive, i.e. a non-BFL OneDrive, via the browser, the DLP blocks the file upload.

    2) However, when we try to upload aadhar.txt (encapsulated with Aadhaar card numbers) to a personal OneDrive, i.e. a non-BFL OneDrive, via the CLI (command line interface) using the Graph API, it is not blocked by the DLP. PFB snapshot FYR:

    3) As can be seen below, we have now successfully uploaded the file to the personal/non-BFL OneDrive.

    Note: The same methodology will work for the below storage sites where data was exfiltrated bypassing DLP.

    Thanks & Regards

    Kavya