Action

Action

This section of the API Data Protection policy page specifies the action to be taken when a policy violation occurs. The actions vary depending on the app chosen. For some apps, the only action is alert. Similarly, restrict access options vary depending on the app chosen.

  1. Select the action you want to take from the drop-down list, like Alert, Block, Change Ownership, Restrict Access, Encrypt, Delete, Quarantine, Legal Hold, Restrict Sharing to View, Apply Azure RMS Template, Data Classification, Disable Print and Download, or IRM Protect.

    Note

    • Alert, Delete, Legal Hold, and Quarantine actions are available for Slack for Enterprise.

      When an external user upload a file on a Slack Connect channel, Netskope cannot perform delete (write) action on the file. This is because the file belongs to another organization.

      Once Netskope performs a delete action on a file, the Netskope tenant administrator may still have access to the deleted file from the Incidents > DLP page. This can happen if the Slack enterprise account has a retention policy to preserve the file. Though Netskope deletes the file from the Slack channel, the file may still be available to downloaded from the Netskope tenant. Please check your data retention policy with Slack support.

    • For a list of supported actions per cloud app, refer to API Data Protection Policy Actions per Cloud App

    Note

    For folders with 1000+ collaborators, Box does not send the list of collaborators to Netskope. Due to this, Netskope’s API Data Protection rounds off the number of collaborators to zero. API Data Protection policy such as Restrict Access will not work for such folders. This is a limitation in the Box app.

  2. Select the available action and click Next.
  3. For Quarantine, select an existing quarantine profile from the list, or create a new one. Click New Quarantine Profile from the drop-down list to create a new quarantine profile for this policy. A DLP profile must be selected in section to use Quarantine. In Create Quarantine Profile wizard, complete the Settings, Customize, and Set Profile pages. When finished, click Create Quarantine Profile. When finished, click Next.

    Note

    • Encrypted files sent to the quarantine folder are limited to 20 MB in size.
    • When an external user upload a file on a Slack Connect channel, Netskope cannot perform quarantine action on the file. This is because the file belongs to another organization.

    To trigger an email notification, you will need to set up a couple of things:

    1. Under Notification, select Send to custodian and to users in profile.
    2. Under Policies > PROFILES > Quarantine, create a new profile or edit an existing profile. Under NOTIFICATION EMAILS, the email notification will be sent to this email address.
  4. For Legal Hold, choose an existing profile from the drop-down list or click Create New. The CREATE LEGAL HOLD PROFILE wizard opens. For more information, refer to the Legal Hold section of Profiles. When files are placed in legal hold, emails are sent to the custodian and the users who created the files. When finished, click Next.
Share this Doc

Action

Or copy link

In this topic ...