This article describes how to create a custom "Tombstone" message - aka a Marker File in an Enforce Response Rule being applied at the CloudSOC.
By default, the Symantec Data Loss Protection (DLP) Enforce policy uses a standard Marker File message when a file is quarantined through the Response Rule action, "Custom Action on Data-at-Rest".
Note: This workaround only applies if you have CASB and your on-premises DLP Enforce Server integrated together with the DLP Cloud Detection Service.
For version 15.1 and prior, you can customize the Tombstone message if you use a Custom Payload option with the JSON payload shown below.
Note: Native CASB policy (i.e. Protect) relies on a Response Rule Template that is applied to the Protect policy directly.
The option to configure the text of the Marker File message will appear in the "Quarantine Data-at-Rest" Response Rule when clicking "Use marker file".
Follow these steps to apply the custom payload to a Response Rule action in DLP Enforce policy:
"markerFileText": "Insert your custom tombstone quarantine message here"