Settings
File Operations
The File Operations section provides you with the ability to select the default providers for File Scan and Content Disarm and Reconstruct (CDR).
Available File Scan providers (additional cost)
This setting incurs extra charges and cannot be disabled.
Crowdstrike - Crowdstrike first checks the maliciousness probability of a file by performing a reputation check against their database of files known to be malicious. If the file is not identified as known to be malicious, they perform threat intelligence on the file. Their threat intelligence analyzes links and contents of the file and provides a threat level score and classification with each file processed.
ReversingLabs - ReversingLabs performs a reputation search on the file in their extensive file reputation database. If the file is not found in the database, they then extract all internal objects to analyze the file for capabilities and intentions of the file to provide a threat level score and classification.
Block unsupported file formats that cannot be scanned by File Scan - If a file is not able to be scanned by File Scan, you can block that file from being uploaded to Sanitize. This can help prevent possible malicious activity from files that cannot be scanned.
Some reasons that a file cannot be scanned include: the file being encrypted, the file type being unsupported, or the file is password-protected.
Files are generally scanned in input and output of the sanitization/cleansing process. However if the file input location is Secure Share, then Sanitize does not scan the file, since it was scanned during the upload process to Secure Share. The same is true if the output storage location is Secure Share. Sanitize does not scan the file on output for files being sent to Secure Share.
Available CDR providers
Apryse - Sanitize uses Apryse’s capabilities to tear down the file components and objects, removes possibly malicious content (such as 3D objects, videos, macros, etc.) and then rebuilds the file back, turning videos, GIFs, 3D objects, and other moving details into static images. This works toward removing possible maliciousness from the elements to return a safer file.
After the sanitization/cleansing process, the file is then scanned again before being returned.
There is currently only one CDR provider available, so no modification is allowed for this setting.
Content Operations
Defang Links
The Defang Links setting modifies the text and annotations of URLs to remove the clickability of the link to prevent malicious links retention in the file. This setting can either be set to modify all links, or to modify links based on their perceived risk level. It is important to realize that modifying all links will make any identified links unusable in the document, which might not be desired. This setting is on by default with the Risk level slider set to Medium.
Based on risk level (additional cost) - If this option is selected, then additional settings are required.
Risk level slider - The risk level slider sets what risk level of URLs should be defanged. For more information on URL risk levels, refer to the URL Intel documentation.
-
Low - Any URL or domain with a risk level of 1 or higher will be defanged.
-
Medium - Any URL or domain with a risk level of 30 or higher will be defanged.
-
High - Any URL or domain with a risk level of 70 or higher will be defanged.
URL Intel provider - Crowdstrike is the only provider currently available for URL Intel. Click the toggle button to enable this feature.
Domain Intel provider - Select between Domain Tools or Crowdstrike Domain Intel providers. Click the toggle button to enable this feature.
Remove
Choose to remove the specified contents from the file. Removal of the contents in this section can affect the functionality of the document.
File attachments - This box is checked by default. This box directs Sanitize to remove all file attachments from files during processing.
Interactive content (PDF Only) - This box is also checked by default. This box directs Sanitize to remove any interactive content during processing, including fillable forms, JavaScript, 3D objects, and playable media (songs, videos, etc.). This option only affects PDFs.
Redact Sensitive Information (additional cost)
Sanitize can remove sensitive information from documents through the integration with the Redact service.
The setting is disabled until Redact is configured in the Pangea User Console. Once Redact is configured, it uses the Redact service Rulesets to identify and remove sensitive information from the files. If multiple configurations have been created for Redact, then a drop-down menu displays for selecting the desired configuration.
It is highly recommended to have a unique and descriptive name for each Redact configuration to make it easier to identify which is the correct configuration to use.
Secure Share Integration
Secure Share integration provides the ablility to use Secure Share as the input source and destination for the files. Files sourced from or sent to Secure Share are not scanned by File Scan because Secure Share scans the files automatically during the upload process.
Secure Share is enabled by default but requires specifying share_output
in the API call for the output to be directed to Secure Share.
While using Secure Share with Sanitize does not incur extra charges, your Secure Share service will still be billed for storing the files based on your data storage billing schedule.
Was this article helpful?