Sanctioned DLP Policy Response Actions
Response Actions define the behaviors taken once a policy is triggered. By default, every policy creates an incident that appears in Skyhigh CASB. If an event, message, or document triggers more than one policy, an incident is generated for each corresponding policy. However, the response applied to the document reflects the more restrictive policy. For more information, see DLP Policy Incident Statuses.
Response Actions can be conditionally executed depending on the severity of the Rule Group that was triggered.
Legend: ✔ - Response action supported. ✖ - Response action not supported.
API Actions
Action | Description | Supported in IaaS DLP | Supported in SaaS DLP |
---|---|---|---|
Incident | Incidents are generated by default | ✔ | ✔ |
Quarantine | Quarantines the file by placing it in the “Quarantine” folder in an administrator account and leaves a tombstone file. An email might be sent to the user if configured to do so. | ✔ | ✔ |
Delete | Deletes the file and leaves a tombstone file. An email might be sent to the user if configured to do so. | ✖ | ✔ |
Remove Link | Prevents outside collaborators from accessing the shared link. The linked file or folder is not affected. | ✖ | ✔ |
Apply Classifications | Applies a Classification to a file in Box or SharePoint. | ✖ | ✔ |
Block Email | Blocks the email from being delivered to the recipient. Leaves the email in the sender's Sent Messages folder. An email might be sent to the user if configured to do so. | ✖ | ✔ |
Encrypt | Deletes the file that triggers the encrypt response and replaces it with an encrypted version. A file can only be decrypted through our cloud-hosted reverse proxy. | ✖ | ✔ |
Set View Only Permissions for | Modifies the permission of a share/collaboration event within the service to View Only. This action only takes effect when there are User Action rules defined in the policy. | ✖ | ✔ |
Set Edit Permissions for | Modifies the permission of a share/collaboration event within the service to Editor. This action only takes effect when there are User Action rules defined in the policy. | ✖ | ✔ |
Revoke Sharing for | Modifies the permission of a share/collaboration event within the service to None, or Revoke Sharing. This action only takes effect when there are User Action rules defined in the policy. | ✖ | ✔ |
Send Bot Notification | Sends an in-app notification, from a bot registered by Skyhigh CASB to the user triggering the DLP rule. | ✖ | ✔ |
User Bot Notification | Sends an in-app notification to the user interacting with the bot. | ✖ | ✔ |
Apply DRM | Applies DRM (Digital-Rights-Management) protection to files with sensitive content. | ✖ | ✔ |
Add Email Header | Adds an extra header to the email before sending it out in inline mode. The user creates a header by inputting a key-value pair (<key>, <value>). These headers are added to the email. If the key specified in the policy is already present in the header, the value specified in the policy is appended to the email header. | ✖ | ✔ |
User Email Notification | Sends a predefined email to the user triggering the DLP rule with details regarding the policy violation. | ✖ | ✔ |
Send Email Notification to | Sends an email to the specified user regarding the policy violation | ✖ | ✔ |
Proxy Actions
Action | Description |
---|---|
Send email notification to | Sends an email to a predefined address or distribution list that contains details regarding the anomalous action. |
Block Transfer | Prevents the transmission of the file from within your network to Box. |
Encrypt | Encrypts the file inline via the Reverse Proxy. This requires the Reverse Proxy to decrypt the file on download. |
Response Action Precedence
The following table lists the precedence order of Response Actions, with the weight used to resolve conflicts.
Response Action | Precedence |
---|---|
Incident | Default |
Block | 1 |
Modify Permissions to None | 1 |
Modify Permissions to View Only | 2 |
Modify Permissions to Edit Only | 3 |
Apply DRM | 4 |
Quarantine | 4 |
Delete | 5 |
Remove Shared Link | 6 |
Encrypt | 7 |
Add Email Header | 7 |
Email Notification | 8 |
User Email Notification | 9 |
User Slack Notification | 10 |
User Bot Notification | 11 |
Send Bot Notification | 11 |
Send Slack Notification | 11 |
Apply Classification | 12 |