Netskope Community
09-22-2023 07:44 AM
is there a way to create an alert to detect the movement of files that have a mismatched file extension?
i know Netskope will do its inspect of the file but i would like an alert on this as an indicator of risky behavior.
Solved! Go to Solution.
09-22-2023 01:41 PM
What is your concern here - unacceptable/shady behavior or data/malware risk ?
Sounds like the former.. but thought I'd ask - The one way I'm thinking is using NAA to regex the object name (to extract the extension from the object name) and compare against the file type that we detect - but that's manual..
09-22-2023 01:41 PM
What is your concern here - unacceptable/shady behavior or data/malware risk ?
Sounds like the former.. but thought I'd ask - The one way I'm thinking is using NAA to regex the object name (to extract the extension from the object name) and compare against the file type that we detect - but that's manual..
09-25-2023 04:51 AM
yes thats correct, this is to track the shady behavior.
its worth a shot. ill report back after a try
09-28-2023 05:22 PM
You can also try to create a realtime policy for certain categories or applications, and apply file type constraints for upload and download activities to identify risky file type uploads and downloads.
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In