Solved

Risky behavior detection

  • 22 September 2023

Badge +2

Is there a way to create an alert to detect the movement of files that have a mismatched file extension?

I know Netskope will do its inspection of the file, but I would like an alert on this as an indicator of risky behavior.


Best answer by aramachandran 22 September 2023, 22:41


3 replies

Userlevel 3
Badge +13

What is your concern here: unacceptable/shady behavior or data/malware risk?
Sounds like the former, but thought I'd ask. The one way I'm thinking is using NAA to regex the object name (to extract the extension from the object name) and compare against the file type that we detect, but that's manual.
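
The comparison suggested in the reply above, as an added example that is not part of the original thread and not Netskope's own code: it extracts the extension from each object name with a regex and compares it with the detected file type in exported event records. The field names `object` and `file_type`, the type labels and the sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Extension = last dot-separated token; trailing dots/spaces are ignored and
# dotfiles such as ".bashrc" count as having no extension.
EXT_RE = re.compile(r"[^./\\]\.([A-Za-z0-9]{1,10})[. ]*$")

# Constructed mapping: claimed extension -> detected types treated as consistent.
# Replace the labels with the ones your own export actually contains.
CONSISTENT = {
    "pdf": {"pdf"},
    "jpg": {"jpeg"},
    "jpeg": {"jpeg"},
    "txt": {"text"},
    "docx": {"docx", "zip"},  # OOXML documents are ZIP containers
    "zip": {"zip"},
    "exe": {"exe"},
}

# Constructed sample records; "object" and "file_type" are assumed field names.
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "object": "q3-report.pdf", "file_type": "pdf"},
    {"user": "bob@example.com", "object": "holiday.jpg", "file_type": "zip"},
    {"user": "bob@example.com", "object": "notes.TXT ", "file_type": "exe"},
    {"user": "carol@example.com", "object": "plan.docx", "file_type": "zip"},
    {"user": "dave@example.com", "object": "backup", "file_type": "zip"},
]

def claimed_extension(object_name):
    """Return the lower-cased extension, or None if the name has none."""
    m = EXT_RE.search(object_name)
    return m.group(1).lower() if m else None

def classify(event):
    """Return None when name and detected type agree, else a reason string."""
    ext = claimed_extension(event["object"])
    if ext is None:
        return "no_extension"
    if ext not in CONSISTENT:
        return "unmapped_extension"
    if event["file_type"].strip().lower() not in CONSISTENT[ext]:
        return "mismatch"
    return None

def find_risky(events):
    """Return flagged (user, object, reason) tuples and per-user mismatch counts."""
    flagged = [(e["user"], e["object"], r) for e in events if (r := classify(e))]
    per_user = Counter(u for u, _, r in flagged if r == "mismatch")
    return flagged, per_user
```

Calling `find_risky(SAMPLE_EVENTS)` flags the two records from the same user whose names disagree with the detected type and reports the extensionless object separately, so repeated mismatches by one user stand out from one-off oddities.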

Badge +2

Yes, that's correct, this is to track the shady behavior.

It's worth a shot. I'll report back after a try.

Userlevel 4
Badge +10

You can also try to create a realtime policy for certain categories or applications, and apply file type constraints for upload and download activities to identify risky file type uploads and downloads. 
