Solved

Risky behavior detection

  • September 22, 2023
  • 3 replies
  • 0 views


Is there a way to create an alert to detect the movement of files that have a mismatched file extension?

I know Netskope will do its inspection of the file, but I would like an alert on this as an indicator of risky behavior.

Best answer by aramachandran

What is your concern here: unacceptable/shady behavior, or data/malware risk?
Sounds like the former, but thought I'd ask. The one way I'm thinking of is using NAA to regex the object name (to extract the extension from the object name) and compare against the file type that we detect, but that's manual.
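The comparison suggested in the answer above, sketched as an added example that is not part of the original thread and is not Netskope's own code. It runs over exported event records; the field names (`object`, `file_type`), the type labels and the extension map are assumptions to adapt to your own export.

```python
import re

# Hypothetical map from a detected type label to its usual extensions.
EXPECTED_EXTENSIONS = {
    "application/pdf": {"pdf"},
    "application/zip": {"zip"},
    "application/x-dosexec": {"exe", "dll"},
    "image/jpeg": {"jpg", "jpeg"},
    "text/plain": {"txt", "log", "csv"},
}

# Last dot-separated token of the name, so "report.pdf.exe" yields "exe".
EXT_RE = re.compile(r"\.([A-Za-z0-9]{1,10})$")

def extension_of(object_name):
    """Return the lower-cased extension of an object name, or None."""
    m = EXT_RE.search(object_name.strip())
    return m.group(1).lower() if m else None

def find_mismatches(events):
    """Return events whose name extension disagrees with the detected type."""
    flagged = []
    for ev in events:
        expected = EXPECTED_EXTENSIONS.get(ev["file_type"])
        ext = extension_of(ev["object"])
        # Unknown detected type or no extension: nothing to compare, skip.
        if expected is None or ext is None:
            continue
        if ext not in expected:
            flagged.append({**ev, "claimed_ext": ext})
    return flagged

# Constructed sample records, not real Netskope output.
SAMPLE_EVENTS = [
    {"user": "a@example.com", "activity": "Upload",
     "object": "q3-report.pdf", "file_type": "application/pdf"},
    {"user": "b@example.com", "activity": "Upload",
     "object": "holiday.jpg", "file_type": "application/x-dosexec"},
    {"user": "c@example.com", "activity": "Download",
     "object": "backup.txt", "file_type": "application/zip"},
    {"user": "d@example.com", "activity": "Upload",
     "object": "notes", "file_type": "text/plain"},
    {"user": "e@example.com", "activity": "Upload",
     "object": "blob.bin", "file_type": "application/octet-stream"},
]

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_EVENTS):
        print(f'{hit["user"]} {hit["activity"]} {hit["object"]!r}: '
              f'extension {hit["claimed_ext"]!r} vs detected {hit["file_type"]}')
```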

3 replies




Yes, that's correct; this is to track the shady behavior.

It's worth a shot. I'll report back after a try.



You can also try to create a realtime policy for certain categories or applications, and apply file type constraints for upload and download activities to identify risky file type uploads and downloads.