Hello Netskope community,
Last week I received an alert that malware was discovered by malware on a host. I reached out to owner of the host and asked him to remove the malware. The owner of the host removed confirmation however netskope portal is still showing that malware. How do I verify that the malware is removed and how does Netskope verify the malware is removed?
Thanks
The alert in SkopeIT will always remain available in the UI as a historical event.
By default, the filter in 'Alerts' will filter on "Acknowledged: No" . Setting this alert to "Acknowledged" will hide it from SkopeIT (you can then also filter on Acknowledged: Yes if you want to look at previous acknowledged alerts)
You can then run a retrospective Scan (Policies -> API Data Protection -> Retroactive Scan (top right) -> Select any policy to start the scan:
This will force the API to run a new scan against your tenant. If the Malware is still present in the Cloud application, you should see a new alert (with a recent time stamp)
Hope that helps.
Thanks,
RT
Hey rthompson, thanks for the reply. That all makes sense and is what I expected. I guess the issue I'm running into is that in the malware view, I don't see a way to acknowledge the alert the way I do for compromised credentials. Are there specific permissions that need to be allowed to acknowledge malware alerts?
Actually I figured it out thanks.
If you haven't already registered, now is a good time to do so. After you register, you can post to the community, receive email notifications, and lots more. It's quick and it's free! Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
