A user took numerous screenshots. A valuable organization's information may have been collected in this way
Collect data and stage it on an endpoint in the organization.
Check whether this activity fits the user profile. Check for any other suspicious activity related to the host and the user involved in the alert. Check if there was a suspicious file upload following the massive screenshot activity. Check whether other users in the organization used the same process for file activity.