1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. SaaS Security API
    5. Remediate Risks of Sanctioned SaaS Apps
    6. Automatically Remediate Incidents
    7. Quarantine

    Quarantine

    Learn how SaaS Security API quarantines an asset discovered when scanning your sanctioned SaaS applications.
    If an asset poses an immediate threat to your intellectual property or proprietary data, you can move the compromised asset to one of two quarantine folders. Quarantine management capabilities depend on your administrator role permissions and autoremediation support for your cloud app.
    You can quarantine an asset one of two ways:

    Quarantine Folders

    SaaS Security API provides two quarantine folders:
    • User Quarantine
      —The asset is saved to a User Quarantine folder in the asset owner’s root folder structure. Only the owner can access the asset. Any direct links and collaborators on the asset are removed. Owners can view and restore the quarantined asset. Use this option to enable users to remediate their own assets to prevent low to moderate threats to your network.
    • Admin Quarantine
      —The asset is saved to an Admin Quarantine folder in the root folder structure of the administrator account you use to onboard the cloud app or, depending on your cloud app, the alternative account you specify after you onboard the cloud app (for example, Office 365 app and Box app).The folder name includes a date stamp. Only administrators can download, view, and restore these quarantined assets. Use this option to quarantine assets that prevent serious threats to your network (for example, malware).

    Tombstone Files

    A tombstone file is a plain-text file that contains a message that informs the file owner that the owner’s file is quarantined. The only content in the tombstone file is the tombstone message, which you can customize.
    When you quarantine a file, SaaS Security API copies the contents of the original file to a quarantine file in a new location. SaaS Security API replaces the quarantine file with a tombstone file, which SaaS Security API names
    <original_file_name_with_extension>
    .txt
     and saves to the original file’s location. In the SaaS Security web interface, the tombstone includes a link to the original asset. When you restore a file, you do so on the quarantine file, not the tombstone.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo