Outbound/Upload - One Way Quota
Is it possible to implement a one way type quota?
We have come across an issue with data exfiltration through a legitimate site using a legitimate HTTPS service and want to know if uploads could be quoted?
In this instance we don't care about their downloads, but if they are sending away bulk data its raising red flags.
Trying to minimize potential false positives while also minimizing any calls to helpdesk due to quotas kicking in for the wrong metric.