Once you have successfully set up the app instance, Netskope can start monitoring activities on your SaaS environment. Here is a list of activities Netskope can monitor:
Apps
Activities Monitored
Atlassian Confluence
Events to trigger DLP scan:
All spaces under the Atlassian Confluence site, including personal spaces. Inventory changes scanned:
Page created or updated.
Blog post created or updated.
Comment created or updated.
Attachment created or updated.
Citrix ShareFile
Events to trigger a DLP scan:
New file upload
New folder upload
Events to trigger alert:
New group creation
New user creation
Note
Netskope does not monitor content inside the email Inbox folder of ShareFile.
GitHub
Events to trigger DLP scan:
Commits pushed to a repository.
Individual file-level incident - With file-based alerts, Netskope can provide DLP alerts with detailed file-level information. Each section of a commit that includes any violations will result in a unique incident with a URL linking to that section of the commit. The alert will specify the violating commit, the associated file, and the specific code block that breaches the DLP rule. Additionally, it includes a URL that allows customers to easily view the identified violation within GitHub. To view a DLP incident, navigate to Incidents > DLP, look for a GitHub incident, and click it.
Note
Netskope can scan for DLP and threat protection on plain text source code only. Netskope does not scan binary files such as Microsoft Office docs, PDFs, images, executable files, and likes.
Netskope does not scan repositories outside the GitHub organization.
Netskope does not scan binary files due to GitHub API limitations downloading the content.
Gmail
Events to trigger a DLP scan or threat protection:
All emails sent by all organizations’ users (sent folder). This includes email subject, body, and attachment.
Google Drive
Events to trigger DLP scan:
New file created or uploaded.
File edited or renamed.
File deleted.
Microsoft 365 OneDrive (Commercial)
Events to trigger a DLP scan or threat protection:
Note
Netskope does not scan any OneNote files for DLP and threat protection on Microsoft 365 OneDrive (Commercial).
New file created or uploaded.
Make a copy of a file.
Replace content of a file.
If the permission of a parent folder changes, Netskope will trigger a DLP scan on the child folders and files.
Revoke access:
User shares a file either through link or directly grant access to a user.
Microsoft 365 Outlook (Commercial)
Events to trigger DLP scan:
All emails sent by all organization’s users (Sent item) will be scanned after instance connection, this includes:
Email subject
Email body
Email attachment
Microsoft 365 SharePoint (Commercial)
Events to trigger a DLP scan or threat protection:
Note
Netskope does not scan any OneNote files for DLP and threat protection on Microsoft 365 SharePoint (Commercial).
New file created or uploaded.
Make a copy of a file.
Replace content of a file.
If the permission of a parent folder changes, Netskope will trigger a DLP scan on the child folders and files.
Revoke access:
User shares a file either through link or directly grant access to a user.
Microsoft 365 Yammer
Events to trigger DLP scan:
New Yammer message content including:
DLP on Yammer messages content in DMs
DLP on Yammer messages content in Groups/Communities
Workday
Events to trigger DLP scan:
New file upload.
Make a copy of a file.
Replace a content of a file.
Note
Netskope relies on the polling mechanism to monitor the changes of a file. API polling occurs in intervals. If a file is deleted immediately after being created, the file may not be detected due to the polling interval delay.
Zoom
Events to trigger a DLP scan:
New/updated direct chat messages sent from an internal user. Message content only. No attachments.
New/updated channel messages sent from an internal user. Message content only. No attachments.
In both the case above, DLP scan applies to Zoom “Team Chat” messages only. DLP scanning on “in-meeting” chat is currently a controlled-GA feature. To try this feature, contact your Netskope sales representative or support.
