Manage Quarantine Files

Manage Quarantine Files

This endpoint allows different operations to be performed on quarantined files.

Request Endpoint

https://<tenant-URL>/api/v1/quarantine

Valid parameters are:

KeyValueDescription
tokenstringRequired. The token obtained from the REST API page in the Netskope UI ( Settings > Tools > Rest API v1) is required. We recommend that you place the token in the body of the request, not in the endpoint URL.
opget-files | download-url | take-action
  • get-files: Will get list of quarantined files.
  • download-url: Will get the URL to be used in the download of a file. The response here will be HTTP Redirect (Response Code 302)
  • take-action: Action to be take on a SINGLE quarantined file.
quarantine_profile_idID of a quarantine profile.
  • This is needed for op=download-url.
  • Also needed for op=take-action.
starttimeUnix epoch time (rounded off to nearest period)
  • Use for op=get-files.
  • Get files last modified within a certain time period.
  • These are optional parameters. If not provided starttime is assumed to be 0 and endtime is assumed to be the current time.
endtimeUnix epoch time (rounded off to nearest period)
  • Use for op=get-files.
  • Get files last modified within a certain time period.
  • These are optional parameters. If not provided starttime is assumed to be 0 and endtime is assumed to be the current time.
file_idID of a file, needed to identify a file.
  • Needed for op=download-url.
  • Needed for op=take-action.
actionblock | allow
  • Action to be performed on a quarantined file.
  • action = block means the quarantined file will be deleted.
  • action = allow means the quarantined file will be restored.

There is no REST API to actually download a file because a file download will not be done through a web service. It goes directly to the API Connector service (via a redirection through NGINX).

A typical scenario to download quarantined files is outlined below:

  1. Get the list of quarantined files using op = get-files (like https://<tenant-URL>/api/v1/quarantine?token=xxx&op=get-files).
    • The token passed in here is the REST API token for the tenant.In the response for each file there will be a quarantine_profile_id and file_id for each file which can be downloaded.
  2. For each file, get a download URL using op = download-url
    • Parameters to be passed are the quarantine_profile_id and file_id returned in 1a. (like https://<tenant-URL>/api/v1/quarantine?token=xxx&op= download-url&quarantine_profile_id=<yyy>&file_id=<zzz>) This returns a HTTP Redirect response (Response Code 302) and the redirect location will be like https://<tenant-URL>/quarantine/download?token=<Temp Token>&quarantine_profile_id=<yyy>&file_id=<zzz>Note that the token returned in the redirect header is a temporary token (not the Tenant REST API token). This token will be valid for 30secs or so.The API Connector service will validate the token and respond with the file requested.
  3. After downloading the file and looking at it, take an action (allow or block) using op = take-action. (like https://<tenant-URL>/api/v1/quarantine?token=xxx&op=take-action&action=<allow|block>&quarantine_profile_id=<yyy>&file_id=<zzz>)

    Note the token passed here is again the tenant REST API token.

Share this Doc

Manage Quarantine Files

Or copy link

In this topic ...