File Profile

Note

To enable this feature, contact Netskope Sales.

Data Loss Prevention (DLP) and Threat Protection use file profiles to allow or exclude specific files based on the following attributes:

OR attributes:
  • Name or Extension
  • File Type
  • File Hash
  • Object ID

AND attributes:
  • File size
  • Protected/Encrypted
  • Sensitivity Label

You can configure more than one attribute for each file profile. Netskope combines the configured attributes according to their type (OR or AND) when it scans for matching files. For example, if you add a file profile with a file type and a file hash attribute, Netskope scans for files that have the specified file type or file hash. You can also require Netskope to check the file size and whether a file is password-protected or encrypted. For example, if you add a file profile with file type, file hash, and file size attributes, Netskope scans for files that have the specified file type or file hash and that match the configured file size.
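The OR/AND combination described above, modelled in Python as an added example (this is not Netskope code). The field names, the way the size operator is represented, and the behavior when no OR attribute is configured are assumptions made for illustration.

```python
import hashlib
import operator
import re
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple

@dataclass
class FileProfile:
    """Hypothetical model of a file profile; field names are illustrative."""
    # OR attributes: matching any configured one is enough.
    names: list = field(default_factory=list)    # entries with '*' wildcards
    case_sensitive: bool = False
    file_types: set = field(default_factory=set)
    sha256: set = field(default_factory=set)
    # AND attributes: every configured one must hold as well.
    size: Optional[Tuple[Callable, int]] = None  # (comparison operator, bytes)
    password_protected: Optional[bool] = None

def name_matches(pattern: str, name: str, case_sensitive: bool) -> bool:
    """Match a name entry where '*' is the only wildcard (max two per entry)."""
    if pattern.count("*") > 2:
        raise ValueError("at most two wildcards per entry")
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    flags = 0 if case_sensitive else re.IGNORECASE
    return re.fullmatch(regex, name, flags) is not None

def profile_matches(p: FileProfile, name: str, file_type: str,
                    data: bytes, protected: bool = False) -> bool:
    or_results = []
    if p.names:
        or_results.append(any(name_matches(n, name, p.case_sensitive) for n in p.names))
    if p.file_types:
        or_results.append(file_type in p.file_types)
    if p.sha256:
        or_results.append(hashlib.sha256(data).hexdigest() in p.sha256)
    # Assumption: with no OR attribute configured, the AND attributes decide alone.
    if or_results and not any(or_results):
        return False
    if p.size is not None and not p.size[0](len(data), p.size[1]):
        return False
    if p.password_protected is not None and protected != p.password_protected:
        return False
    return True

# Constructed sample: a 2 KiB payload whose hash is on the profile's list.
KNOWN = b"A" * 2048
PROFILE = FileProfile(file_types={"pdf"},
                      sha256={hashlib.sha256(KNOWN).hexdigest()},
                      size=(operator.ge, 1024))
```

With `PROFILE`, a 2 KiB PDF and a DOCX whose hash is listed both match, while a 10-byte PDF fails the size criterion even though its file type matches.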

To add a file profile:

  1. Go to Policies > File.
  2. Click New File Profile.
  3. In the Add File Profile window, under File Attributes:
    • Name or Extension: Enter file names with extensions on separate lines or separated by commas. You can also use up to two wildcard (*) characters per line and enable or disable case sensitivity. Click Import from CSV to upload file names from a CSV file:
      • Add to List: Add the file names or extensions in the CSV file to the existing entries.
      • Replace File: Replace the existing entries with the file names or extensions in the CSV file.
    • File Type: Select a file type or category. If you select a category, all file types are selected by default. Click the Preview icon to view and select or deselect specific file types in each category. Click Categories to go back to the category view. Netskope recommends selecting categories instead of specific file types because categories provide more coverage.

    For a list of all the supported file types and categories, see Supported File Categories and File Types.

    Note

    This attribute is only supported for DLP profiles.

    • File Hash: Select the hash type of the files, such as SHA-256 and MD5, and enter the hash values on separate lines. Click Import from CSV to upload file hashes from a CSV file (8 MB limit):
      • Add to List: Add the file hashes in the CSV file to the existing entries.
      • Replace File: Replace the existing entries with the file hashes in the CSV file.

    To delete all entries in the MD5 or SHA-256 file hash list, click More and then Remove.

    • Object ID: Enter the object IDs of the files. Click Import from CSV to upload object IDs from a CSV file:
      • Add to List: Add the object IDs in the CSV file to the existing entries.
      • Replace File: Replace the existing entries with the object IDs in the CSV file.
    • File Size: Configure the file size criteria by choosing an operator, entering a size number, and choosing a unit. File size is an AND attribute.
    • Protected/Encrypted: Select the type of protection or encryption of the file. The protected/encrypted options are AND attributes.
      • File is password-protected: The file is a password-protected ZIP, PDF, or Office document.
      • File is protected by MIP: Identifies whether the file is protected by Microsoft Information Protection (MIP).
      • Encrypted by:
        • Sanctioned Instance: Checks whether the content is encrypted using any connected corporate MIP instance. An instance that has been set up on the settings page is treated as a corporate instance.
        • Unsanctioned Instance: Checks whether the content is encrypted using any MIP instance. Any instance other than those that have been set up is considered an unsanctioned instance.


    • Sensitivity Label: Sensitivity labels from Microsoft Purview Information Protection let you classify and protect your organization’s data. This section lets you configure which sensitivity label Netskope should look for while inspecting traffic. To choose the labels:

      Select the Vendor, Instance, and Label setting.

      • To detect whether content has a sensitivity label, select the option “Detect object with classification label applied from the selected instance.” Multiple labels can be configured.
      • To detect content that does not have any sensitivity label applied to it, select the option “Detect object with no classification label applied from the selected instance.”

      No labels can be selected with “Detect object with no classification label applied.”


  4. Click Next.
  5. Under Set Profile:
    • Profile Name: Enter a name for the file profile.
    • Description: (Optional) Enter a description for the file profile.
  6. Click Save.
  7. Click Apply Changes.

After adding a File Profile, you can select it when configuring the DLP or Malware Detection profile to allow or block certain files or their actions based on their attributes.

Note: Netskope can inspect content that is MIP encrypted. This provides additional visibility because encrypted files are decrypted and inspected for policy violations. Decrypting content requires no configuration changes: if the instance is set up, decryption should work automatically for all content encrypted using that instance.

Note: Currently, inspection of labels and MIP-encrypted content applies only to files, not emails.

File types supported: Netskope uses the Microsoft SDK for the integration, so Netskope supports all the file types that Microsoft supports. See https://learn.microsoft.com/en-us/information-protection/develop/concept-supported-filetypes

Note: Reading of MIP labels when the coauthoring feature is enabled is also supported as part of this integration.
