Risky behavior detection

  • 22 September 2023
  • 3 replies

Badge +2

is there a way to create an alert to detect the movement of files that have a mismatched file extension?

i know Netskope will do its inspect of the file but i would like an alert on this as an indicator of risky behavior.


Best answer by aramachandran 22 September 2023, 22:41

View original

3 replies

Userlevel 3
Badge +13

What is your concern here - unacceptable/shady behavior or data/malware risk ?
Sounds like the former.. but thought I'd ask - The one way I'm thinking is using NAA to regex the object name (to extract the extension from the object name) and compare against the file type that we detect - but that's manual.. 

Badge +2

yes thats correct, this is to track the shady behavior. 

its worth a shot. ill report back after a try

Userlevel 4
Badge +10

You can also try to create a realtime policy for certain categories or applications, and apply file type constraints for upload and download activities to identify risky file type uploads and downloads.