Hunting for Data Exfiltration Indicators When to Use - When hunting for data theft in compromised environments - After detecting unusual outbound data volumes or patterns - When investigating potential insider threat data theft - During incident response to determine what data was stolen - When threat intel indicates data exfiltration campaigns targeting your sector Prerequisites - Network proxy/firewall logs with byte-level data transfer metrics - DLP solution or CASB with cloud upload visibility - DNS query logs for DNS exfiltration detection - Email gateway logs for attachment monitoring -…