Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to Manage Users and Roles
Settings and Resources
Additional Resources
Reports
Reporting API
Customer Support Articles
How to Follow Data Through the Search PipelineEndpoint for Windows Configuration Reference GuideEndpoint Software Command Line InterfaceBasic Troubleshooting Steps (Enterprise Console)Endpoints or Results Fail to be Displayed in the ConsoleMongoDB and TLS 1.3SQL Client SQL Exception ErrorHow to Troubleshoot Spirion Client Search Failures and How to WhitelistCustomer Notice – Spirion Agent Update & Security Assessment for PostgreSQLHow to Enable Verbose/Debug Logging for the Endpoint ServiceHow can I monitor the status of a queue job?Can I monitor the job queue status automatically?Troubleshooting: "Unable to find job queue: search_queue"How to Verify the Discovery Agent's StatusHow to check if port 6433 is open on your networkWhat is the SDM Translator Service?How to Create a Single Tenant App for OneDrive and Exchange Online SearchesHow to Configure Spirion for Sybase DiscoveryHow to Use Certificates to Authenticate with SharePoint OnlineHow to Quarantine to a Remote Location Using Spirion Sensitive Data PlatformA Server Error has Occurred: How to use the Chrome Developer ToolsWhy doesn't my Oracle 19c Database scan?How to Enable Full Disk Access on a Mac AgentWhy is My Scan Node Running Out of Disk Space?What to do about Message Processing and Delays, also known as 'Lag,' in SpirionDetails About the Box API used by Spirion to Search Box AccountsHow to Build a Mac Package (PKG)How to Sanitize AgentsHow to Set User and Role AccessHow to Enable SSL Communication between Linux Agents and the Spirion ConsoleHow to Enable HTTPS for the Spirion ConsoleHow to Search BoxFAQ: How do I avoid being prompted to re-login to the Spirion console?Spirion Sensitive Data Platform Scan PerformanceHow to Authenticate to SharePoint On-PremiseHow to Configure Spirion Sensitive Data Platform to Connect to an Oracle DatabaseFAQ: Linux 12.5 Client Package Build WorkaroundTroubleshoot Exchange Online Using Microsoft Graph ExplorerFAQ: What to do when an agent will not start the discovery team scan?Required SQL Server PermissionsHow to Scan Microsoft Teams with Spirion Sensitive Data PlatformField Input Using Linux Machines Anti-virus Alerts Received during Spirion SearchVersion 13.6 MSI Installation Issues - Exe file not signedWhat are common firewall rules needed for distributed scans?
Release Notes

How to Quarantine to a Remote Location Using Spirion Sensitive Data Platform

archTIS Spirion highly recommends that in an Enterprise environment you use Quarantine to protect sensitive data.

Overview

Quarantine is one of the remediation options available in a playbook using Spirion Sensitive Data Platform.

Spirion Support highly recommends the use of quarantine in an Enterprise environment as one of the first steps to protecting sensitive data.

Before You Start

  • You need a service account with access to both the Target file server being scanned AND the destination that the quarantine folder would reside.
  • The service account needs both read and write permission on both the Target being scanned and the destination
  • Support recommends testing in the Agent to confirm that the service account you want to use has proper permissions
  • When entering the UNC path for the Windows quarantine file path ensure the Target in the path matches the authentication Target. 
    • That is, if your authentication target is using IP address, make sure the UNC path in the Windows Quarantine path is also an IP address.
  • If the Quarantine folder does not exist, it is created for you.
  • The quarantine file path will be preserved as the file path inside the quarantine folder.
  • When adding quarantine to a playbook the playbook must still maintain a classification function to be saved
  • When adding quarantine to a playbook it does not need to be a decision point of its own. A single decision point can both classify and quarantine. The playbook in this article is for demonstration purposes only.

How to Set Up Quarantine

You set up Quarantine in two parts.

  1. The first part takes place in the "Application Settings" page (Settings > Application Settings) in the Spirion Sensitive Data Platform console.
  2. The second part takes place in the workbook.

How to Configure Quarantine Paths on the Application Settings Page

Use the following steps to set up your quarantine paths. Quarantine paths are configured on the Application Settings page:

  1. From the blue navigation menu on the left side of Spirion Sensitive Data Platform, navigate to Settings > Application Settings > Scan Settings > Remediation.
  2. Enter the path that quarantined documents will reside in.
    • Syntax: \\yoursever\quarantine folder
    • For details, see the embedded tooltips
  4. Click the blue gear next to "Windows quarantine file path".

  5. Navigate to the target that was entered in the path in step 2.
    • If the target does not exist, you can select the blue + Add Target button. This enables you to create the Target on the spot.

      • Note: If you create the Target on this screen, the Target address must be in the same format as the Windows quarantine path. That is, if you put an address in the Windows Quarantine file path that uses a NetBIOS in the UNC path then the Target created must also use NetBIOS.
  7. Click the 3 ellipses in line with the Target name and select Assign. If the assignment is successful, a green check appears next to the Target name.

How to Set Up Manual or Automatic Quarantine Using a Scan Playbook

Once quarantine is set up in the Application Settings it must be added to a playbook to be invoked.

To add the quarantine action to a scan playbook use the following steps:

  1. Navigate to the decision point in which you wish to add the quarantine function.
  2. Select Quarantine from the toggle box.
  3. Check the Automated Action checkbox ONLY IF you want documents to be auto quarantined. 
    1. If you wish to have a human manually review the documents first, leave this box unchecked.


Was this article helpful?

Powered by Product Fruits