Quarantine Profile
A Quarantine profile is used for specifying where the file needs to be quarantined when there is a policy action of Quarantine. Use tombstone files to replace the content of the original file. The name and extension of the original file will be preserved.
To create quarantine profile:
Go to Policies > PROFILES > Quarantine > NEW QUARANTINE PROFILE.
Tip
To upload your tombstone files directly, click CUSTOMER PROVIDED TOMBSTONE FILES. To use this feature, refer to Upload Tombstone Files below.
Enter a quarantine profile name.
Under the QUARANTINE FOLDER tab, choose the app where you want the quarantined files to be uploaded. Today we support quarantined folders on:
Box
Dropbox
Google Drive
Microsoft Office 365 OneDrive
Microsoft Office 365 SharePoint
Slack for Enterprise
Note
For malware infected quarantine files, only one generic quarantine profile for a specific app will be used to store the infected files. For example, you can create a quarantine profile on Box. This profile will be used to store the malware infected quarantine files for the rest of the supported apps. Once you have created the quarantine profile, refer the Creating a Threat Protection Policy for API Data Protection article to enable threat protection on API Data Protection apps.
Choose the instance of the app previously created in Settings > API-enabled Protection > SaaS.
[SharePoint only] Select a SharePoint site and click SAVE.
Enter the email address of the owner of the quarantine folder.
Note
The email address must be from an actual user in the SaaS app. Netskope does not support email aliases.
As a prerequisite for email notification of a quarantine profile, email address of a user is required in the API Data Protection policy definition where the quarantine profile is used.
Before setting up a quarantine profile for Office 365 OneDrive app, the owner should log into the Office 365 account and set up the OneDrive app.
For Slack for Enterprise app, the email address should be the same as that you entered during the Slack for Enterprise instance setup.
Choose the Encrypt checkbox if the quarantined files have to be encrypted.
Enter the email address(es) of administrators that need to be notified when a file is uploaded to quarantine folder.
Under the TOMBSTONE tab, you can either select the default or custom text to be displayed during a DLP violation and threat protection tombstone text.
Note
A custom tombstone text cannot be applied on an ms-powerpoint (.ppt) MIME type. Netskope applies the default tombstone text on an an ms-powerpoint (.ppt) MIME type.
To use your own tombstone files, enable the Use Uploaded Tombstone File checkbox. If you have not yet uploaded a tombstone file, click custom tombstone files to do so.
Click Save.
Click Apply Changes.
If you have a requirement to quarantine malware infected files, refer the Creating a Threat Protection Policy for API Data Protection to enable threat protection on API Data Protection apps.
Upload Tombstone Files
To use your own tombstone files, you can upload the file(s) while creating a quarantine profile, or upload them directly by clicking CUSTOM TOMBSTONE FILES on the main Quarantine Profile page. Enter a file extension type and then click Select File to upload your tombstone file. When finished, click Upload.
 |
Note
If you have a custom tombstone file uploaded along with a custom text, the tombstone file takes precedence over the custom text.