Netskope Help

Manage Quarantine Files

This endpoint allows different operations to be performed on quarantined files.

Request Endpoint
https://<tenant-name>.goskope.com/api/v1/quarantine

Valid parameters are:

Key

Value

Description

op

get-files | download-url | take-action

  • get-files: Will get list of quarantined files.

  • download-url: Will get the URL to be used in the download of a file. The response here will be HTTP Redirect (Response Code 302)

  • take-action: Action to be take on a SINGLE quarantined file.

quarantine_profile_id

ID of a quarantine profile.

  • This is needed for op=download-url.

  • Also needed for op=take-action.

starttime

Unix epoch time (rounded off to nearest period)

  • Use for op=get-files.

  • Get files last modified within a certain time period.

  • These are optional parameters. If not provided starttime is assumed to be 0 and endtime is assumed to be the current time.

endtime

Unix epoch time (rounded off to nearest period)

  • Use for op=get-files.

  • Get files last modified within a certain time period.

  • These are optional parameters. If not provided starttime is assumed to be 0 and endtime is assumed to be the current time.

file_id

ID of a file, needed to identify a file.

  • Needed for op=download-url.

  • Needed for op=take-action.

action

block | allow

  • Action to be performed on a quarantined file.

  • action = block means the quarantined file will be deleted.

  • action = allow means the quarantined file will be restored.

There is no REST API to actually download a file because a file download will not be done through a web service. It goes directly to the API Connector service (via a redirection through NGINX).

A typical scenario to download quarantined files is outlined below:

  1. Get the list of quarantined files using op = get-files (like https://<tenant-name>.goskope.com/api/v1/quarantine?token=xxx&op=get-files).

    • The token passed in here is the REST API token for the tenant.

    • In the response for each file there will be a quarantine_profile_id and file_id for each file which can be downloaded.

  2. For each file, get a download url using op = download-url

    • Parameters to be passed are the quarantine_profile_id and file_id returned in 1a. (like https://<tenant-name>.goskope.com/api/v1/quarantine?token=xxx&op= download-url&quarantine_profile_id=<yyy>&file_id=<zzz>)

    • This returns a HTTP Redirect response (Response Code 302) and the redirect location will be like https://<tenant-name>.goskope.com/quarantine/download?token=<Temp Token>&quarantine_profile_id=<yyy>&file_id=<zzz>

    • Note that the token returned in the redirect header is a temporary token (not the Tenant REST API token). This token will be valid for 30secs or so.

    • When the request is made the NGINX server will redirect the request directly to API Connector service instead of to the Web Service.

    • The API Connector service will validate the token and respond with the file requested.

  3. After downloading the file and looking at it, take an action (allow or block) using op = take-action. (like https://<tenant-name>.goskope.com/api/v1/quarantine?token=xxx&op=take-action&action=<allow|block>&quarantine_profile_id=<yyy>&file_id=<zzz>)

    Note the token passed here is again the tenant REST API token.

: