Step 9: Configure quarantine or create copy locations for FSM-controlled API policies

In Forcepoint ONE SSE, the Settings > DLP page lets you specify the quarantine and create copy locations that are used when FSM returns an API policy indicating a quarantine or create copy action. These are global settings and are applied only if the API policies are controlled by FSM.

The Quarantine Settings and Create Copy Settings are identical to those displayed in API Policies.

Quarantine Settings

Quarantine lets you replace a file that violates the policy with a custom file. The violating file can be moved to any application you have added and configured for API in Forcepoint ONE SSE, under a defined legal hold or quarantine account. This gives admins a central repository for reviewing and investigating quarantined files across all applications in one location. You need to set up a notification file that will replace the quarantined file, an admin (quarantine) account, and a folder location in your application.

Notification File

Notification files can be uploaded on the Protect > Objects > Common Objects page in the Custom Notification Files card.

You can use the default notification file or create your own. Clicking the green plus icon opens the dialog for uploading a custom file. Only PDF files can be uploaded as custom notification files.





Note: The notification file that replaces the original file is renamed as <original_filename>_quarantined.pdf. The original file that is placed in the quarantine account is renamed to <username>_<original_filename>.
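
As an added example (not Forcepoint code), the following Python uses the naming rule in the note above to check that every notification stub left in a source folder has its original in the quarantine account. It assumes the placeholders are literal, that <original_filename> includes the extension, and that you have exported plain filename listings of both folders; the function names and sample listings are constructed.

```python
# Added example: pair notification stubs with originals in the quarantine account.
# Assumption: names follow the note literally, with <original_filename> including
# its extension. Listings below are constructed sample data.
STUB_SUFFIX = "_quarantined.pdf"


def original_from_stub(stub_name):
    """Return the original filename encoded in a stub name, or None if not a stub."""
    if stub_name.endswith(STUB_SUFFIX) and len(stub_name) > len(STUB_SUFFIX):
        return stub_name[: -len(STUB_SUFFIX)]
    return None


def reconcile(source_listing, quarantine_listing):
    """Return (paired, stubs_missing_original, unexplained_quarantine_files)."""
    originals = {}
    for name in source_listing:
        original = original_from_stub(name)
        if original is not None:
            originals[name] = original
    matches = {stub: [] for stub in originals}
    unexplained = []
    for qname in quarantine_listing:
        matched = False
        for stub, original in originals.items():
            # Usernames and filenames can both contain "_", so anchor on the
            # known original name instead of splitting <username>_<original_filename>.
            tail = "_" + original
            if qname.endswith(tail) and len(qname) > len(tail):
                matches[stub].append((qname[: -len(tail)], qname))
                matched = True
        if not matched:
            unexplained.append(qname)
    missing = sorted(stub for stub, found in matches.items() if not found)
    paired = {stub: found for stub, found in matches.items() if found}
    return paired, missing, unexplained


SOURCE = ["notes.txt", "q3_budget.xlsx_quarantined.pdf", "payroll.csv_quarantined.pdf"]
QUARANTINE = ["j_doe_q3_budget.xlsx", "stray.bin"]

if __name__ == "__main__":
    paired, missing, unexplained = reconcile(SOURCE, QUARANTINE)
    print("paired:", paired)
    print("stubs with no original in quarantine:", missing)
    print("quarantine files with no stub:", unexplained)
```

A quarantine file whose name could belong to more than one stub is listed under each candidate, so review those pairs manually.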

Quarantine Action Setup



In the Quarantine Settings section, configure where the quarantined file will be sent:

  1. App: Select the application to send the file to. This dropdown shows only applications with API integration for which API Setup is enabled in Forcepoint ONE SSE.
  2. Instance: If you have multiple instances in the app, select the one you wish to send the file to.
  3. Admin Account: Select the admin account (also known as the quarantine account) that will receive the quarantined file. The quarantine account should be an admin account in Forcepoint ONE SSE.
  4. Directory Path: The location of the folder within the application. Formatting will differ based on the application you are using:
    • SharePoint - https://<customer-domain>.sharepoint.com/<site-collection-name-with-directory-path>
    • OneDrive - /Files/<directory_path>
    • Google Drive - /My Drive/<directory_path>
    • Box - /All Files/<directory_path>
    • Dropbox - /<directory_path>
    • ServiceNow - /<table_name>
    • S3 - Bucket: <bucket_name> Folder Path: Optional
    • GCP - Bucket: <bucket_name> Folder Path: Optional

Create Copy Settings

Create Copy works similarly to Quarantine Settings, except that instead of moving the original file to a designated (quarantine) location, a copy of the file is placed in a designated location for later inspection. The original file remains undisturbed, while the admin can review the copy to ensure that it meets compliance and then take manual action on the original file if needed. Setup is similar: you select a specific app, app instance, admin account, and folder path where the file will be placed.



In the Create Copy Settings section, configure where the copy of the file will be sent:

  1. App: Select the application to send the file to. This dropdown shows only applications with API integration for which API Setup is enabled in Forcepoint ONE SSE.
  2. Instance: If you have multiple instances in the app, select the one you wish to send the file to.
  3. Admin Account: Select the admin account that will receive the copied file. The create copy account should be an admin account in Forcepoint ONE SSE.
  4. Directory Path: The location of the folder within the application. Formatting will differ based on the application you are using:
    • SharePoint - https://<customer-domain>.sharepoint.com/<site-collection-name-with-directory-path>
    • OneDrive - /Files/<directory_path>
    • Google Drive - /My Drive/<directory_path>
    • Box - /All Files/<directory_path>
    • Dropbox - /<directory_path>
    • ServiceNow - /<table_name>
    • S3 - Bucket: <bucket_name> Folder Path: Optional
    • GCP - Bucket: <bucket_name> Folder Path: Optional