Manage Quarantine Files
Manage Quarantine Files
This endpoint allows different operations to be performed on quarantined files.
Request Endpoint
https://<tenant-URL>/api/v1/quarantine
Valid parameters are:
Key | Value | Description |
---|---|---|
token | string | Required. The token obtained from the REST API page in the Netskope UI ( Settings > Tools > Rest API v1) is required. We recommend that you place the token in the body of the request, not in the endpoint URL. |
op | get-files | download-url | take-action |
|
quarantine_profile_id | ID of a quarantine profile. |
|
starttime | Unix epoch time (rounded off to nearest period) |
|
endtime | Unix epoch time (rounded off to nearest period) |
|
file_id | ID of a file, needed to identify a file. |
|
action | block | allow |
|
There is no REST API to actually download a file because a file download will not be done through a web service. It goes directly to the API Connector service (via a redirection through NGINX).
A typical scenario to download quarantined files is outlined below:
- Get the list of quarantined files using
op = get-files
(likehttps://<tenant-URL>/api/v1/quarantine?token=xxx&op=get-files
).- The token passed in here is the REST API token for the tenant.In the response for each file there will be a quarantine_profile_id and file_id for each file which can be downloaded.
- For each file, get a download URL using op = download-url
- Parameters to be passed are the quarantine_profile_id and file_id returned in 1a. (like
https://<tenant-URL>/api/v1/quarantine?token=xxx&op= download-url&quarantine_profile_id=<yyy>&file_id=<zzz>)
This returns a HTTP Redirect response (Response Code 302) and the redirect location will be likehttps://<tenant-URL>/quarantine/download?token=<Temp Token>&quarantine_profile_id=<yyy>&file_id=<zzz>
Note that the token returned in the redirect header is a temporary token (not the Tenant REST API token). This token will be valid for 30secs or so.The API Connector service will validate the token and respond with the file requested.
- Parameters to be passed are the quarantine_profile_id and file_id returned in 1a. (like
- After downloading the file and looking at it, take an action (allow or block) using op = take-action. (like
https://<tenant-URL>/api/v1/quarantine?token=xxx&op=take-action&action=<allow|block>&quarantine_profile_id=<yyy>&file_id=<zzz>)
Note the token passed here is again the tenant REST API token.