Quarantine Profile
A quarantine profile specifies where a file is quarantined when a policy takes the Quarantine action. Use tombstone files to replace the content of the original file. The name and extension of the original file are preserved.
You can create a quarantine profile using the classic or next gen platform. In classic, the application integrations are built on the 1st gen API Data Protection platform. In next gen, the application integrations are built on the latest Next Gen API Data Protection platform. Classic applications will gradually be migrated to next gen.
[Classic] Quarantine Profile
To create a classic quarantine profile:
- Go to Policies > PROFILES > Quarantine > Classic > NEW QUARANTINE PROFILE.
- Enter a quarantine profile name.
- Under the QUARANTINE FOLDER tab, choose the app where you want the quarantined files to be uploaded. Today, Netskope supports quarantined folders on:
  - Box
  - Dropbox
  - Google Drive
  - Microsoft Office 365 OneDrive
  - Microsoft Office 365 SharePoint
  - Slack for Enterprise
  For malware-infected quarantine files, only one generic quarantine profile for a specific app is used to store the infected files. For example, you can create a quarantine profile on Box. This profile is then used to store the malware-infected quarantine files for the rest of the supported apps. Once you have created the quarantine profile, refer to the Creating a Threat Protection Policy for API Data Protection article to enable threat protection on API Data Protection apps.
- Choose the instance of the app previously created in Settings > Configure App Access > Classic > SaaS.
- [SharePoint only] Select a SharePoint site and click SAVE.
- Enter the email address of the owner of the quarantine folder.
  - The email address must be from an actual user in the SaaS app. Netskope does not support email aliases.
  - As a prerequisite for email notification from a quarantine profile, a user's email address is required in the API Data Protection policy definition where the quarantine profile is used.
  - Before setting up a quarantine profile for the Office 365 OneDrive app, the owner should log into the Office 365 account and set up the OneDrive app.
  - For the Slack for Enterprise app, the email address should be the same as the one you entered during the Slack for Enterprise instance setup.
- Select the Encrypt checkbox if the quarantined files have to be encrypted.
- Enter the email address(es) of administrators that need to be notified when a file is uploaded to the quarantine folder.
- Under the TOMBSTONE tab, select either the default or custom tombstone text to be displayed for a DLP violation and for threat protection.
  - A custom tombstone text cannot be applied on an ms-powerpoint (.ppt) MIME type. Netskope applies the default tombstone text on an ms-powerpoint (.ppt) MIME type.
  - If you have any Microsoft Purview Information Protection (formerly Microsoft Information Protection)-encrypted files in Microsoft 365 OneDrive or SharePoint, Netskope cannot tombstone such encrypted files. This is due to a limitation in the Microsoft Graph API.
- To use your own tombstone files, enable the Use Uploaded Tombstone File checkbox. If you have not yet uploaded a tombstone file, click custom tombstone files to do so.
  - Click + Add.
  - Enter a file extension type and then click Select File to upload your tombstone file.
  - When finished, click Upload.
  If you have a custom tombstone file uploaded along with a custom text, the tombstone file takes precedence over the custom text.
- Click Save and Apply Changes.
If you have a requirement to quarantine malware-infected files, refer to Creating a Threat Protection Policy for API Data Protection to enable threat protection on API Data Protection apps.
[Next Gen] Quarantine Profile
Use this option for SaaS apps built on the newer Next Generation API Data Protection platform. For a list of apps that are built on Next Generation API Data Protection, see Apps Supported in Classic and Next Generation API Data Protection.
To create a Next Gen quarantine profile, follow the steps below:
- Log in to your Netskope tenant and navigate to Policies > PROFILES > Quarantine > Next Gen > NEW QUARANTINE PROFILE.
- Enter a profile name.
- Under the Quarantine Folder tab, select the app name and instance.
  For a list of SaaS apps that support quarantine, see Next Generation API Data Protection Feature Matrix per Cloud App.
- Based on your app selection:
  - Dropbox: Enter the email address of the quarantine folder owner.
  - Egnyte: Enter the email address of the admin or power user.
    You should enter the admin or power user email address for the quarantine profile. If you later change the user type to a 'standard' user, the user will lose the private folder and all the quarantine files that were stored.
  - Google Drive: Enter the email address of the quarantine folder owner.
  - OneDrive: Enter the email address of the quarantine folder owner.
    The email address must be from an actual user in the SaaS app.
  - SharePoint: Enter the SharePoint site or subsite URL in this format: https://<account-name>.sharepoint.com/sites/<site-name>. For example: https://netskope.sharepoint.com/sites/forensic-data-site
    Then enter the email address of the user who has access to the site URL you entered above.
  - Slack Enterprise: When creating a quarantine profile for Slack Enterprise, make sure to select the same Slack Enterprise instance that matches the one on the policy page.
- Next, under the Tombstone tab, you can either select the default or custom text to be displayed after a DLP violation.
  If you have any Microsoft Purview Information Protection (formerly Microsoft Information Protection)-encrypted files in Microsoft 365 OneDrive or SharePoint, Netskope cannot tombstone such encrypted files. This is due to a limitation in the Microsoft Graph API.
- To use your own tombstone files, you can upload the file(s) while creating a quarantine profile, or upload them directly by clicking custom tombstone files on the main Quarantine Profile page.
  - Click + Add.
  - Enter a file extension type and then click Select File to upload your tombstone file.
  - When finished, click Upload.
  If you have a custom tombstone file uploaded along with a custom text, the tombstone file takes precedence over the custom text.
- Click Save and Apply Changes.
Quarantine Tombstone for Microsoft Office 365 File Types
Next Generation API Data Protection has introduced quarantine tombstone for Microsoft Office 365 file formats. Netskope can replace the contents of .docx, .xlsx, and .pptx file types with tombstone content while retaining the same file format. Customers no longer need to set custom tombstone files for .docx, .xlsx, and .pptx file types.
Next Generation API Data Protection can now use default or customer-provided text in a Microsoft Office 365 tombstone, but only for .docx, .pptx, and .xlsx file types. For file types .doc, .ppt, and .xls, Netskope uses the default text, which cannot be customized.