Configuring quarantine policy

Once the API and scanning settings have been configured, you can now configure policy actions to quarantine sensitive content. Cisco Spark has limitations on which files can be acted on. Files can only be quarantined that the admin user account used to configure the API has control over.

These are either files the configured user has uploaded/sent directly themselves or files in a room that the user account moderates directly.

The process for configuring the action is similar to other apps that support API policy actions found on the guide page. The main difference is the location for where the file is placed when identified as quarantined.

Steps

  1. On the Protect > Policies page, click the green plus icon to add a new Condition and Action for Cisco Spark.


  2. On the Cloud Policy dialog, you can configure who the policy applies to, what data pattern is matched, and the action.
    1. The policy can apply to all scanned users or a selected group of your choosing.
    2. The condition can be met based on Data Pattern, Status, File Name, Owner, Shared With, Team, or Path.
    3. Select the Quarantine action and input the location that it will File To, for Cisco Spark this will be a defined room.
    4. Select a Notification file that the quarantined file will be replaced with and choose your alerts. Similar to other apps API policy, you can also forward to ICAP.