Quarantine Profile

A Quarantine profile is used for specifying where the file needs to be quarantined when there is a policy action of Quarantine. Use tombstone files to replace the content of the original file. The name and extension of the original file will be preserved.

You can create a quarantine profile using the classic or next gen platform. In classic, the applications integrations are built on the 1st gen API Data Protection platform. In next gen, the application integrations are built on the latest Next Gen API Data Protection platform. Classic applications will gradually be migrated to next gen.

[Classic] Quarantine Profile

To create classic quarantine profile:

1. Go to Policies > PROFILES > Quarantine > Classic > NEW QUARANTINE PROFILE.

   

2. Enter a quarantine profile name.

3. Under the QUARANTINE FOLDER tab, choose the app where you want the quarantined files to be uploaded. Today we support quarantined folders on:

   • Box

   • Dropbox

   • Google Drive

   • Microsoft Office 365 OneDrive

   • Microsoft Office 365 SharePoint

   • Slack for Enterprise

   For malware infected quarantine files, only one generic quarantine profile for a specific app will be used to store the infected files. For example, you can create a quarantine profile on Box. This profile will be used to store the malware infected quarantine files for the rest of the supported apps. Once you have created the quarantine profile, refer the Creating a Threat Protection Policy for API Data Protection article to enable threat protection on API Data Protection apps.

4. Choose the instance of the app previously created in Settings > Configure App Access > Classic > SaaS.

5. [SharePoint only] Select a SharePoint site and click SAVE.

6. Enter the email address of the owner of the quarantine folder.

   • The email address must be from an actual user in the SaaS app. Netskope does not support email aliases.
   • As a prerequisite for email notification of a quarantine profile, email address of a user is required in the API Data Protection policy definition where the quarantine profile is used.
   • Before setting up a quarantine profile for Office 365 OneDrive app, the owner should log into the Office 365 account and set up the OneDrive app.
   • For Slack for Enterprise app, the email address should be the same as that you entered during the Slack for Enterprise instance setup.

7. Choose the Encrypt checkbox if the quarantined files have to be encrypted.

8. Enter the email address(es) of administrators that need to be notified when a file is uploaded to quarantine folder.

9. Under the TOMBSTONE tab, you can either select the default or custom text to be displayed during a DLP violation and threat protection tombstone text.

   

   A custom tombstone text cannot be applied on an ms-powerpoint (.ppt) MIME type. Netskope applies the default tombstone text on an an ms-powerpoint (.ppt) MIME type.

10. To use your own tombstone files, enable the Use Uploaded Tombstone File checkbox. If you have not yet uploaded a tombstone file, click custom tombstone files to do so.

    1. Click + Add.

    2. Enter a file extension type and then click Select File to upload your tombstone file.

    3. When finished, click Upload.

       

       If you have a custom tombstone file uploaded along with a custom text, the tombstone file takes precedence over the custom text.

11. Click Save and Apply Changes.

If you have a requirement to quarantine malware infected files, refer the Creating a Threat Protection Policy for API Data Protection to enable threat protection on API Data Protection apps.

[Next Gen] Quarantine Profile

To create a Next Gen quarantine profile, follow the steps below:

1. Log in to your Netskope tenant and navigate to Policies > PROFILES > Quarantine > Next Gen > NEW QUARANTINE PROFILE.

   

2. Enter a profile name.

3. Under the Quarantine Folder tab, select the app name and instance.

   Currently, Netskope supports Microsoft OneDrive and SharePoint as quarantine destinations.

4. Based on your app selection:

   1. OneDrive: Enter the email address of the quarantine folder owner.

   2. SharePoint: Enter the SharePoint site or subsite URL in this format: https://<account-name>.sharepoint.com/sites/<site-name>. For example: https://netskope.sharepoint.com/sites/forensic-data-site

      Followed by the email address of the user who has access to the site URL you entered above.

5. Next, under the Tombstone tab, you can either select the default or custom text to be displayed after a DLP violation.

6. To use your own tombstone files, you can upload the file(s) while creating a quarantine profile, or upload them directly by clicking custom tombstone files on the main Quarantine Profile page.

   1. Click + Add.

   2. Enter a file extension type and then click Select File to upload your tombstone file.

   3. When finished, click Upload.

      If you have a custom tombstone file uploaded along with a custom text, the tombstone file takes precedence over the custom text.

7. Click Save and Apply Changes.