Threshold Rules
Block File Copies After 25 Files Have Been Copied to a USB Drive in an Hour
Monitor and control file transfer activity to prevent excessive data movement to USB drives, reducing risk of data exfiltration and misuse.
- Automatically block file copying once 25 files is reached within an hour.
- Track and record file transfer activity to provide insight into data movement patterns.
- Trigger real-time alerts to your RMM system for rapid response when the set threshold is met.
This rule assists MSPs in maintaining tighter control over data security by preventing bulk transfers to USB drives, which could indicate potential data theft or unauthorized backup activity.
[Shortcode:BLOCKUSBCOPY25PER60MIN]
Block File Deletes After 100 Files Have Been Deleted in an Hour
Prevent unauthorized bulk deletions of files on endpoints to safeguard against accidental or malicious data loss.
- Automatically block file deletions when 100 files have been deleted within an hour.
- Maintain an audit log of all deletion activities for thorough tracking and review.
- Generate real-time alerts to your RMM system to ensure prompt attention and action.
This rule helps MSPs protect their clients’ data by monitoring and limiting excessive file deletions, a key indicator of potential data manipulation or unauthorized activity.