API Data Protection Policy Actions per Cloud App
Note
To view the policy actions for Next Generation API Data Protection cloud apps, see Next Generation API Data Protection Policy Actions per Cloud App.
You can set up various actions to perform once a policy is triggered. Netskope supports the following actions to mitigate risk exposure:
Alerts: Generates alerts on the Skope IT > Alerts page when a DLP policy matches.
Change Ownership: Designates the administrative owner of the files and folders to which the policy applies.
Encrypt: Allows you to encrypt a file if it matches policy criteria. Encryption must be enabled in your tenant instance to use this feature. Please contact support (support@netskope.com) if you do not see this as an action in the policies.
Quarantine: Allows you to quarantine a file if a user uploads a document that has a DLP violation. This moves the file to a quarantine folder for you to review and take appropriate action (allow the file to be uploaded or block the file from being uploaded).
Note
This action is available only if you select a DLP profile from the API Data Protection policy workflow.
Legal Hold: Preserves all forms of relevant information when litigation is reasonably anticipated. You can choose to have a copy of the file saved for legal purposes if it matches policy criteria.
Forensic: Allows you to apply a forensic profile that flags policy violations and then stores the file in a forensic folder.
Azure Rights Management: Azure Rights Management Services (RMS) is a cloud-based service that uses encryption, identity, and authorization policies to secure Microsoft files like Word, Excel, PowerPoint, and more. The RMS action applies an RMS template to a Microsoft Office file uploaded in OneDrive for Business only.
Vera: Netskope integrates with Information Rights Management (IRM) systems such as Vera to protect your sensitive information from being shared with unauthorized users through cloud applications.
Microsoft Information Protection (MIP): Netskope integrates with Information Rights Management (IRM) systems such as MIP to protect your sensitive information from being shared with unauthorized users through cloud applications.
Expire Externally Shared Links: Sets an expiration in days for files with publicly shared links.
Here are the possible actions you can take for each supported cloud app:
| Cloud App | Alerts | Change Ownership | Encrypt$ | Quarantine$$ | Legal Hold | Forensic | RMS | Vera$ | MIP$ | Expire Externally Shared Links* |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Atlassian Confluence (Next Gen) | Yes | No | No | No | No | No | No | No | No | No |
| Atlassian Jira (Next Gen) | Yes | No | No | No | No | No | No | No | No | No |
| Citrix ShareFile (Next Gen) | Yes | No | No | No | No | No | No | No | No | No |
| Gmail | Yes** | No | No | No | No | No | No | No | No | No |
| Google Cloud Platform | Yes | No | No | No | No | Yes | No | No | No | No |
| Amazon S3 | Yes | No | No | No | No | Yes | No | No | No | No |
| Box | Yes | No | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes*** |
| Cisco Webex Teams | Yes | No | No | No | No | No | No | No | No | No |
| Dropbox | Yes | No | Yes | Yes | No | No | No | Yes | No | No |
| Egnyte | Yes | Yes | Yes | No | No | Yes | No | Yes~ | No | No |
| GitHub | Yes | No | No | No | No | No | No | No | No | No |
| GitHub (Next Gen) | Yes | No | No | No | No | No | No | No | No | No |
| Google Drive^^ | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes~ | Yes | No |
| Microsoft Azure Blob Storage | Yes | No | No | No | No | Yes | No | No | No | No |
| Microsoft OneDrive | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Microsoft 365 OneDrive GCC High (Next Gen) | Yes | No | No | No | No | No | No | No | No | No |
| Microsoft SharePoint | Yes | No | Yes | Yes | No | Yes | No | Yes | Yes | No |
| Microsoft 365 SharePoint GCC High (Next Gen) | Yes | No | No | No | No | No | No | No | No | No |
| Microsoft Teams | Yes | No | No | Yes# | No | No | No | No | No | No |
| Microsoft 365 Teams GCC High (Next Gen) | Yes | No | No | No | No | No | No | No | No | No |
| Microsoft Outlook | Yes** | No | No | No | No | No | No | No | No | No |
| Microsoft 365 Yammer (Next Gen) | Yes | No | No | No | No | No | No | No | No | No |
| Okta (Next Gen) | Yes | No | No | No | No | No | No | No | No | No |
| Salesforce unstructured data (files) | Yes | No | No | No | Yes | No | No | No | No | No |
| Salesforce structured data (Chatter messages and posts) | Yes | No | No | No | Yes | No | No | No | No | No |
| Slack Team | Yes | No | No | No | Yes^ | No | No | No | No | No |
| Slack Enterprise | Yes | No | No | Yes | Yes | No | No | No | No | No |
| ServiceNow | Yes | No | No | No | No | No | No | No | No | No |
| Workday (Next Gen) | Yes | No | No | No | No | No | No | No | No | No |
| Workplace by Facebook | Yes | No | No | No | No | No | No | No | No | No |
| Zendesk (Next Gen) | Yes | No | No | No | No | No | No | No | No | No |
| Zoom (Next Gen) | Yes | No | No | No | No | No | No | No | No | No |
*You can configure the number of days for which you want the link to expire. This is particularly useful for externally shared files and public files.
**Netskope does not scan emails in the deleted/trash folder. Netskope will continue to scan emails in the sent folder.
***For Expire Externally Shared Links to work, the Box setting Admin Console > Enterprise Settings > Content > Sharing > Auto-Expiration > Allow item owners and editors to modify the expiration date must be enabled.
$If you use the encrypt policy action, ensure that you have a Netskope real-time deployment i.e., a reverse or forward proxy. The Netskope real-time deployment is required to decrypt the file.
$$This action is available only if you select a DLP profile from the API Data Protection policy workflow.
~Egnyte and Google Drive apps do not use Vera's partner tags.
#You cannot create an exclusive quarantine profile for Microsoft Teams. If you have set up an Office 365 OneDrive or SharePoint app, you can leverage the quarantine profile of these apps.
^Slack for Team Legal Hold action is applicable to files only.
^^Netskope does not get any notification when an internal user edits a file owned by an external user. In a nutshell, externally owned files are not audited by Google. This is a known limitation in Google Drive.
Restrict Access: Depending on the app, there are different options available to restrict a publicly or externally shared file. Here are the restriction options for each supported cloud app:
| Cloud App | Restrict Access to Owner | Restrict Access to Internal User | Restrict Access - Remove Individual Users | Restrict Access to Specific Domain | Restrict Access - Remove Public Links | Restrict Access - Remove Organization Wide Link | Restrict Collaborators to View-only Permission | Restrict Access - Allowlist External Domains |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Atlassian Confluence (Next Gen) | No | No | No | No | No | No | No | No |
| Atlassian Jira (Next Gen) | No | No | No | No | No | No | No | No |
| Citrix ShareFile (Next Gen) | No | No | No | No | No | No | No | No |
| Gmail | No | No | No | No | No | No | No | No |
| Google Cloud Platform | No | No | No | No | No | No | No | No |
| Amazon S3 | No | No | No | No | No | No | No | No |
| Box | Yes | Yes | No | Yes | Yes | No | Yes* | Yes |
| Cisco Webex Teams | No | No | No | No | No | No | No | No |
| Dropbox | Yes | Yes | No | Yes | Yes | No | No | Yes |
| Egnyte | Yes | Yes | No | Yes | Yes | No | No | Yes |
| GitHub | No | No | No | No | No | No | No | No |
| GitHub (Next Gen) | No | No | No | No | No | No | No | No |
| Google Drive | Yes | Yes | No | Yes | Yes | No | Yes | Yes |
| Microsoft Azure Blob Storage | No | No | No | No | No | No | No | No |
| Microsoft OneDrive | Yes | Yes | Yes | No | Yes | Yes | No | No |
| Microsoft 365 OneDrive GCC High (Next Gen) | No | No | No | No | No | No | No | No |
| Microsoft SharePoint | Yes | Yes | Yes | No | Yes | Yes | No | No |
| Microsoft 365 SharePoint GCC High (Next Gen) | No | No | No | No | No | No | No | No |
| Microsoft Teams | No | No | No | No | No | No | No | No |
| Microsoft 365 Teams GCC High (Next Gen) | No | No | No | No | No | No | No | No |
| Microsoft Outlook | No | No | No | No | No | No | No | No |
| Microsoft 365 Yammer (Next Gen) | No | No | No | No | No | No | No | No |
| Okta (Next Gen) | No | No | No | No | No | No | No | No |
| Salesforce unstructured data (files) | No | No | No | No | No | No | No | No |
| Salesforce structured data (Chatter messages and posts) | No | No | No | No | No | No | No | No |
| Slack Team | No | No | No | No | No | No | No | No |
| Slack Enterprise | No | No | No | No | No | No | No | No |
| ServiceNow | No | No | No | No | No | No | No | No |
| Workday (Next Gen) | No | No | No | No | No | No | No | No |
| Workplace by Facebook | No | No | No | No | No | No | No | No |
| Zendesk (Next Gen) | No | No | No | No | No | No | No | No |
| Zoom (Next Gen) | No | No | No | No | No | No | No | No |
*Box does not directly support the view only action. To support this action, the file is locked and the permissions of all the collaborators in the Box folder are set to Previewer Uploader access level so that the collaborators cannot unlock the file.
DLP: The DLP profiles that enforce compliance and protect sensitive data consist of DLP rules that specify data identifiers. These data identifiers find content that should not be present in cloud app transactions or public cloud storage.
Threat Protection: Scans files stored in your cloud storage applications for malware.
Audit: The audit action generates audit logs/events such as any change made in the SaaS app (upload, download, delete, and more) that Netskope retrieves using API calls. You can view the audit logs/events on the Skope IT > EVENTS > Application Events page of the Netskope UI.
Delete: Deletes a file from the cloud app when a policy matches.
Note
This action is available only if you select a DLP profile from the API Data Protection policy workflow.
Retroactive Scan: A retroactive policy scans all the files and folders for the app instance right from the inception of the SaaS app.
Note
Netskope supports one active retroactive scan per application instance. If you intend to scan the same content against multiple policies, you can do so by combining these policies together under a single retroactive scan.
| Cloud App | Restrict Access - Blocklist External Domains | Restrict Collaborators - Disable Print and Download | DLP | Threat Protection | Audit* | Delete$ | Retroactive Scan |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Atlassian Confluence (Next Gen) | No | No | No | No | Yes | No | No |
| Atlassian Jira (Next Gen) | No | No | No | No | Yes | No | No |
| Citrix ShareFile (Next Gen) | No | No | Yes | Yes | Yes | No | No |
| Gmail | No | No | Yes^ | No | No | No | No |
| Google Cloud Platform | No | No | No | No | No | No | No |
| Amazon S3 | No | No | Yes | Yes | Yes | No | Yes |
| Box | Yes | Yes** | Yes | Yes | Yes | Yes | Yes |
| Cisco Webex Teams | No | No | Yes | No | No | Yes | No |
| Dropbox | Yes | No | Yes | Yes | Yes | Yes | Yes |
| Egnyte | Yes | No | Yes | Yes | Yes | No | Yes |
| GitHub | No | No | No | No | Yes | No | No |
| GitHub (Next Gen) | No | No | Yes | No | Yes | No | No |
| Google Drive | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Microsoft Azure Blob Storage | No | No | Yes | Yes | No | No | Yes |
| Microsoft OneDrive | No | No | Yes | Yes | Yes | Yes | Yes |
| Microsoft 365 OneDrive GCC High (Next Gen) | No | No | No | No | Yes | No | No |
| Microsoft SharePoint | No | No | Yes | Yes | Yes | No | Yes |
| Microsoft 365 SharePoint GCC High (Next Gen) | No | No | No | No | Yes | No | No |
| Microsoft Teams | No | No | Yes~ | Yes | Yes | No | No |
| Microsoft 365 Teams GCC High (Next Gen) | No | No | No | No | Yes | No | No |
| Microsoft Outlook | No | No | Yes^ | No | No | No | No |
| Microsoft 365 Yammer (Next Gen) | No | No | Yes | Yes | Yes | No | No |
| Okta (Next Gen) | No | No | No | No | Yes | No | No |
| Salesforce unstructured data (files) | No | No | Yes | Yes | Yes | No | Yes |
| Salesforce structured data (Chatter messages and posts) | No | No | Yes | Yes | Yes | No | Yes |
| Slack Team | No | No | Yes | No | No | No | No |
| Slack Enterprise | No | No | Yes | Yes^^ | Yes | Yes | No |
| ServiceNow | No | No | Yes | No | No | No | Yes |
| Workday (Next Gen) | No | No | Yes | Yes | Yes | No | No |
| Workplace by Facebook | No | No | Yes | No | Yes | Yes# | No |
| Zendesk (Next Gen) | No | No | No | No | Yes | No | No |
| Zoom (Next Gen) | No | No | Yes | No | Yes | No | No |
*The audit action generates audit logs/events such as any change made in the SaaS app (upload, download, delete, and more) that Netskope retrieves using API calls. You can view the audit logs/events on the Skope IT > EVENTS > Application Events page of the Netskope UI.
$This action is available only if you select a DLP profile from the API Data Protection policy workflow.
^Netskope does not scan emails in the deleted/trash folder. Netskope will continue to scan emails in the sent folder. Regular file attachments get scanned for DLP. If you attach a file using Google Drive, note the following behavior:
Insert file as a link - DLP policy hit on the body and subject of the sent email.
Insert file as an attachment - DLP policy hit on the body and subject of the sent email.
^^Threat protection for Slack Enterprise applies to files only. Chat messages and snippets are not supported.
**Box does not directly support the disable download action for certain users. To support this action, the file is locked along with the disable download action enabled.
Note
The disable download action disables download for collaborators who have the view permission. For collaborators with the edit permission, the download remains enabled.
~Microsoft does not provide any webhook notification for files uploaded through the files and wiki tab of Microsoft Teams. Due to this limitation, Netskope does not support DLP scanning for such file uploads. However, Netskope detects files sent as an attachment from a channel's chat window. For full DLP coverage, you should set up respective API Data Protection instances for Microsoft Office 365 OneDrive and SharePoint.
#The delete action for Workplace by Facebook applies to group posts and comments. This action does not apply to chat messages.
Order of Policy Actions Within a Single App
For multiple policies with different actions, Netskope executes all the actions applicable to the notification in the following order:
1. Threat Quarantine
2. Threat Alert
3. Alert/DLP Alert
4. Revoke
5. Legal Hold
6. File Classification
7. Disable Download
8. Restrict to View
9. Restrict Access
10. Expire Link
11. Delete
12. RMS (After this action exit policy processing)
13. IRM
14. Quarantine
15. Encrypt
16. Change Ownership
17. Block Access