Guides
ProductDeveloper
Guides
ProductDeveloper

Enable Cloud Malware Protection for Google Drive

Suggest Edits

Table of Contents

Prerequisites

  • The person performing the authentication must be a Google Super Admin and have an active Google user license.
  • Chrome or Firefox is recommended with pop-up blockers/ad blockers disabled (only for the duration of authorization).
  • Cisco Cloud Access Security Broker (CASB) Gov (also known as the SaaS API Connector) must be installed in the tenant by a Google Admin User. We recommend using a service account for the installation.

Limitation

  • A tenant that fails to authenticate cannot be deleted.

Authorize a Tenant

  1. In the Umbrella dashboard, navigate to Admin > Authentication.
  2. In the Platforms section, click to expand Google.
  1. In the Cloud Malware section, click Authorize New Tenant to add a Google tenant to your Umbrella environment.
  1. In the Google Authorization dialog box, check the checkbox to verify you meet the prerequisite, then click Next.
    Note: The link to the SaaS API Connector brings you to the Umbrella DLP Connector site in the Google Workspace Marketplace. This is correct, despite the nomenclature difference.
  1. Add a Tenant Name and then click Next.
  1. Select a Response Action for Umbrella to apply to Google files found with malware and then click Next.
  • Choose Monitor to cause Umbrella to log files detected with malware. You will be able to manually quarantine these files from the Cloud Malware report.
  • Choose Quarantine to:
  • Move the file into a folder named Cisco_Quarantine_Malware in the root path of the admin who authorized the tenant, remove all collaborators, and change the file owner to the Google admin.
  • Replace the file in its original location with a text file named filename.ppt_Cisco_Quarantined.txt explaining to the original file owner that the file is identified as malware and for more information to contact their organization administrator.
  1. Add a gmail Email Address and then click Done.

The new tenant appears in the Cloud Malware section.

Edit a Tenant

You can change the Response Action you have selected for a tenant.

  1. Navigate to Admin > Authentication.
  2. In the Platforms section, click Google.
  3. In the Cloud Malware section, from the Edit column click Edit.
  1. Select a Response Action for Umbrella to apply to Google files found with malware and then click Next.
  • Choose Monitor to cause Umbrella to log files detected with malware. You will be able to manually quarantine these files from the Cloud Malware report.
  • Choose Quarantine to:
  • Move the file into a folder named Cisco_Quarantine_Malware in the root path of the admin who authorized the tenant, remove all collaborators, and change the file owner to the Google admin.
  • Replace the file in its original location with a text file named filename.ppt_Cisco_Quarantined.txt explaining to the original file owner that the file is identified as malware and for more information to contact their organization administrator.
  1. Click Done.

The new Response Action is displayed.

Revoke Authorization

You can revoke any authorized tenant.

  1. From the Action column, click Revoke.
  1. Click Revoke. The selected tenant is no longer authorized.

Enable Cloud Malware Protection for Dropbox Tenants< Enable Cloud Malware Protection for Google Drive Tenants > Manage SaaS API Data Loss Prevention

Updated 5 days ago