REST Action Failed Received When Removing Document Links Via Response Rule

Article Id: 184324

Status: Published

Updated On: 07-02-2020 16:58

Legacy Id: TECH249537

Products:

Data Loss Prevention Cloud Detection Service

Issue/Introduction:

A user shares a collaborator link with an external user. The shared file contains sensitive information.

External in this context is a person outside the CASB Tenants Primary or Secondary Domains.

Incident Details: REST Action Failed

Cause:

The correct response rules required to remove access or break links may be missing from the policy.

Environment:

DLP 15.0
CASB Securelet: Microsoft O365 OneDrive

Resolution:

Data-At-Rest Response rule, "Remove Shared Links in Data-at-Rest" is used when a document is exposed publically, or externally, and the link needs to be removed.
Data-At-Rest Response rule, "Remove Collaborator Access" can be used to remove collaborator links on files shared with persons identified as external, even when the file itself IS NOT exposed external.

To be able to remove links for both use cases, an Automated Response Rule for each action should be added to the policy. Alternatively, an Automated Response Rule containing both response rules can be used.