Quarantine action is not a remediation option for AWS Securlet
search cancel

Quarantine action is not a remediation option for AWS Securlet

book

Article ID: 193825

calendar_today

Updated On:

Products

CASB Security Advanced CASB Security Premium CASB Security Standard CASB Securlet SAAS CASB Securlet SAAS With DLP-CDS

Issue/Introduction

Question if Quarantine remediation task is supported by AWS Securlet. 

or 

A customer has configured a Policy in DLP Enforce (where CASB + AWS Securlet are integrated). The Quarantine rule appears to have fired in external DLP. The DLP Enforce CASB violation noted that quarantine was the action taken, however, the API request to leave a marker file and move the actual file to a quarantine folder is not applied.

Environment

CASB / AWS Securlet / DLP integration 

Cause

• For DLP and CASB environments where AWS Securlet is also active, not all remediation options that appear in DLP are applicable when leveraging the Policy for AWS. This doesn't take into account external AWS tools or AWS services such as Lambda which can apply an action on a resource based on a trigger such as a message notification.

• For context, CASB tenants (without DLP) but with AWS Securlet, do not have a remediation option for quarantine. The available option is illustrated below (Remove Public Access) is the only remediation option.

Resolution

AWS Securlet does not support quarantining files.