SaaS Security Administrator's Guide
    : Quarantine
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. Data Security
    5. Remediate Risks of Sanctioned SaaS Apps
    6. Automatically Remediate Incidents
    7. Quarantine
    Download PDF

    SaaS Security Administrator's Guide

    Quarantine

    Table of Contents

    Quarantine

    Learn how Data Security quarantines an asset discovered when scanning your sanctioned SaaS applications.
    If an asset poses an immediate threat to your intellectual property or proprietary data, you can move the compromised asset to one of two quarantine folders. Quarantine management capabilities depend on your administrator role permissions and autoremediation support for your cloud app.
    You can quarantine an asset one of two ways:

    Quarantine Folders

    Data Security provides two quarantine folders:
    • Admin Quarantine—The asset is saved to an Admin Quarantine folder in the root folder structure of the administrator account you use to onboard the cloud app or, depending on your cloud app, the alternative account you specify after you onboard the cloud app (for example, Office 365 app and Box app).The folder name includes a date stamp. Only administrators can download, view, and restore these quarantined assets. Use this option to quarantine assets that prevent serious threats to your network (for example, malware).
    • User Quarantine—The asset is saved to a User Quarantine folder in the asset owner’s root folder structure. Only the owner can access the asset. Any direct links and collaborators on the asset are removed. Owners can view and restore the quarantined asset. Use this option to enable users to remediate their own assets to prevent low to moderate threats to your network.

    Tombstone Files

    A tombstone file is a plain-text file that contains a message that informs the file owner that the owner’s file is quarantined. The only content in the tombstone file is the tombstone message, which you can customize.
    When you quarantine a file, Data Security copies the contents of the original file to a quarantine file in a new location. Data Security replaces the quarantine file with a tombstone file, which Data Security names <original_file_name_with_extension>.txt and saves to the original file’s location. In the SaaS Security web interface, the tombstone includes a link to the original asset. When you restore a file, you do so on the quarantine file, not the tombstone.

    © 2024 Palo Alto Networks, Inc. All rights reserved.