Skip to main content

Netskope Help

Activities Monitored by Netskope

Once you have successfully set up the app instance, Netskope can start monitoring activities on your SaaS environment. Here is a list of activities Netskope can monitor:

Apps

Activities Monitored

Citrix ShareFile

Events to trigger DLP scan:

  • New file upload.

  • New folder creation.

Events to trigger alert:

  • New group creation.

  • New user creation.

Note

Netskope does not monitor content inside the email Inbox folder of ShareFile.

GitHub

Commits pushed to a repository.

Note

  • Netskope does not scan repositories outside the GitHub organization.

  • Netskope does not scan binary files due to GitHub API limitations downloading the content.

Google Drive

Events to trigger DLP scan:

  • New file created or uploaded.

  • File edited or renamed.

  • File deleted.

Microsoft 365 OneDrive (Commercial)

Events to trigger a DLP scan or threat protection:

Note

Netskope does not scan any OneNote files for DLP and threat protection on Microsoft 365 OneDrive (Commercial).

  • New file created or uploaded.

  • Make a copy of a file.

  • Replace content of a file.

Revoke access:

  • User shares a file either through link or directly grant access to a user.

Microsoft 365 SharePoint (Commercial)

Events to trigger a DLP scan or threat protection:

Note

Netskope does not scan any OneNote files for DLP and threat protection on Microsoft 365 SharePoint (Commercial).

  • New file created or uploaded.

  • Make a copy of a file.

  • Replace content of a file.

Revoke access:

  • User shares a file either through link or directly grant access to a user.

Microsoft 365 Yammer

New Yammer message content.

Workday

Events to trigger DLP scan:

  • New file upload.

  • Make a copy of a file.

  • Replace a content of a file.

Note

Netskope relies on the polling mechanism to monitor the changes of a file. API polling occurs in intervals. If a file is deleted immediately after being created, the file may not be detected due to the polling interval delay.

Zoom

Events to trigger a DLP scan:

  • New/updated direct chat messages sent from an internal user. Message content only.

  • New/updated channel messages sent from an internal user. Message content only.

In both the case above, DLP scan applies to Zoom "Team Chat" messages only. No DLP scanning on "in-meeting" chat messages.