Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- CASB
- Risky behavior detection
Risky behavior detection
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-22-2023 07:44 AM
is there a way to create an alert to detect the movement of files that have a mismatched file extension?
i know Netskope will do its inspect of the file but i would like an alert on this as an indicator of risky behavior.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-22-2023 01:41 PM
What is your concern here - unacceptable/shady behavior or data/malware risk ?
Sounds like the former.. but thought I'd ask - The one way I'm thinking is using NAA to regex the object name (to extract the extension from the object name) and compare against the file type that we detect - but that's manual..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-22-2023 01:41 PM
What is your concern here - unacceptable/shady behavior or data/malware risk ?
Sounds like the former.. but thought I'd ask - The one way I'm thinking is using NAA to regex the object name (to extract the extension from the object name) and compare against the file type that we detect - but that's manual..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-25-2023 04:51 AM
yes thats correct, this is to track the shady behavior.
its worth a shot. ill report back after a try
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-28-2023 05:22 PM
You can also try to create a realtime policy for certain categories or applications, and apply file type constraints for upload and download activities to identify risky file type uploads and downloads.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
-
CASB
30 -
Netskope Agent
7 -
Client
7 -
DLP
6 -
API-Enabled Protection
6 -
API
5 -
NSClient
5 -
NG-SWG
4 -
netskope client
3 -
Real-time Policy
3 -
alerts
3 -
Unsanctioned apps
3 -
vpn
2 -
MS Teams
2 -
Threat Protection
2 -
steering
2 -
update
2 -
policy
2 -
incidents
2 -
CCI
2 -
block
2 -
Troubleshooting
2 -
install
2 -
Upgrade
2 -
Real time policy
2 -
Collaboration
1 -
Support
1 -
questions
1 -
policies
1 -
Privileges
1 -
version
1 -
Messaging
1 -
steering exception
1 -
IDC
1 -
Reports
1 -
Office 365
1 -
HTTP Header Profile
1 -
Next Gen SWG
1 -
APP instance
1 -
Real time protection
1 -
cisco
1 -
API Throttling
1 -
ssl
1 -
cloud update
1 -
storage
1 -
Webinar
1 -
Authentication
1 -
block IE11 traffic
1 -
ssl error
1 -
corrupted state
1 -
fedramp
1 -
Netskope
1 -
settings
1 -
certificate
1 -
Adobe
1 -
SWG
1 -
MacOS
1 -
other
1 -
Sanctioned apps
1 -
trust
1 -
Allowlist
1 -
ztna
1 -
configuration
1 -
Managed apps
1 -
Netskope Endpoint Client
1 -
Unique Device ID
1 -
NPA
1 -
private access
1 -
VDI
1 -
Office365
1 -
Unmanaged apps
1 -
Zero Trust
1 -
VMware
1 -
jumpcloud
1 -
malware
1 -
google
1 -
Facebook
1 -
Reporting
1 -
UPD errors and nsClientFLow
1 -
blockuploads
1 -
security posture check
1 -
Messenger
1 -
Azure-AD
1 -
Compromised Credentials
1 -
ServiceNow
1 -
sku
1 -
Sharepoint
1 -
whatsapp app
1 -
application assessment request
1 -
data usage
1 -
APIv2
1 -
Onedrive
1 -
Netskope Client installation mechanism
1 -
steer traffic
1 -
AutoUpdate
1 -
Outlook
1 -
googledocs
1 -
roles
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In