Defining Policy Scope

The Scope stage allows you to include or exclude various Google drives, files, and folders from being monitored.

The Scope stage consists of two main sections.

  • Drive Selection: This section allows you to include various files and drives for monitoring. In this section, you can select various drives to be monitored.

  • Add Filters: This section allows you to exclude files, users, and groups from monitoring. In this section, you can select files from within the drives, selected in the Drive Selection section, to be excluded from scanning.

Configuring the Drive Selection Section

The Drive Selection section allows you to select various drives for monitoring. You can select either User Drives or Shared drives to be monitored by Nightfall for sensitive data.

Select Drives

This section allows you to select various drives in your Google Drive to be monitored. There are two options in this section. You can choose to scan the User drives, the Shared drives, or both.

  • User Drives: A User drive is the personal drive of a user. The files in this drive are visible only to the owner of the file and other users to whom the owner has given access. The User drive is commonly known as My Drive in Google Drive. To select the User drives for scanning, you must select the User drives check box.

IMPORTANT

If you choose to monitor the User drives, all the User drives in your Google domain are selected for monitoring. You do not have the option to choose specific User drives for monitoring.

  • Shared Drives: Shared drives are common storage locations accessed by all the users in your organization. To select this option, you must select the Shared drives check box.

IMPORTANT

If you choose to monitor the Shared drives, you can select whether to monitor all the Shared drives or only specific shared drives.

  • If you select the All Drives option, all the Shared drives in your Google domains are selected for monitoring.

  • If you select the All Drives, except for option, you can exclude some shared drives from being monitored.

  • If you select the Specific Shared Drives option, you get the option to choose specific Shared drives for monitoring.

The following image displays the scenario when you select the All Shared drives check box.

If you select the All Drives, except for option, you must also select the shared drives which must be excluded from monitoring.

If you select the Specific Drive(s) option, you must also select the specific shared drives which must be monitored.

Configuring Add Filter Section

The Add Filter section operates at the file level, user and group level, and Label level as opposed to the Drive Selection section that operates at the drive level. Once you select the required drives, you may only want to scan a few specific files within those drives and not all the files. This section allows you to select specific files within the selected drives for monitoring.

If you wish to scan all the files in the selected drive, you can omit this section.

Nightfall provides eight types of filters to be applied on drives. To apply a filter, click the Add Filter button and select the required filter.

Internal Users

Internal users refer to the users who are part of your organization. You can choose to monitor files that belong to specific internal users by selecting the Monitor specific option, or exclude only files belonging to specific internal users from being monitored by selecting the Monitor all, except option.

If you select the Monitor specific option, you must select the specific users whose files must be monitored.

Similarly, if you select the Monitor all, except option, you must select the specific users whose files must be excluded from being monitored.

External Users

External users refer to users who are not part of your organization. You can choose to monitor files that belong to specific external users by selecting the Monitor specific option, or exclude only files belonging to specific external users from being monitored by selecting the Monitor all, except option.

Unlike in the case of Internal Users, the list of users is not populated. You must manually type the email ID of the users whose files must be included/excluded from being monitored.

External Groups

External groups refer to Google groups that are not part of your organization. When you select the External groups filter, you can only choose specific groups whose files must be excluded from being monitored. You do not have the option to select specific groups whose files must be monitored. Hence only the Monitor all, except option is available. You can select specific groups to be excluded from monitoring.

Internal Files

Internal files refer to the files that belong to your organization. You can choose to monitor specific internal files by selecting the Monitor specific option, or exclude only specific internal files from being monitored by selecting the Monitor all, except option.

Nightfall populates the list of file IDs and not file names. Hence you must select the file IDs from the drop-down list.

You can find the ID of a file in Google Drive by the following method.

  1. Open the file.

  2. In the browser address bar, you can find the file URL in the following format.

https://docs.google.com/document/d/abcd/edit

  3. In the above URL, the content after d/ and before /edit is the ID of the file. In the above example, abcd is the file ID.
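
Pulling file IDs out of a batch of Drive links before selecting them in the filter, as an added example that is not Nightfall code. It goes beyond the single /document/d/ format above to cover other common Drive link shapes; the function names, sample URLs and IDs are constructed for illustration.

```python
import re
from urllib.parse import urlparse, parse_qs

# Hosts that serve Google Drive and Docs editor links.
ALLOWED_HOSTS = {"docs.google.com", "drive.google.com"}
# ".../d/<id>" followed by "/" or the end of the path.
PATH_ID = re.compile(r"/d/([A-Za-z0-9_-]+)(?:/|$)")
ID_CHARS = re.compile(r"[A-Za-z0-9_-]+")


def extract_file_id(url):
    """Return the file ID in url, or None if it is not a Drive file link."""
    parts = urlparse(url.strip())
    # Exact host match so look-alike domains are not treated as Drive links.
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        return None
    match = PATH_ID.search(parts.path)
    if match:
        return match.group(1)
    # Older share links carry the ID in the query string: /open?id=<id>
    candidate = parse_qs(parts.query).get("id", [""])[0]
    return candidate if ID_CHARS.fullmatch(candidate) else None


def collect_file_ids(urls):
    """Return (unique IDs in first-seen order, URLs that were rejected)."""
    ids, rejected = [], []
    for url in urls:
        file_id = extract_file_id(url)
        if file_id is None:
            rejected.append(url)
        elif file_id not in ids:
            ids.append(file_id)
    return ids, rejected


# Constructed sample input; the IDs are placeholders, not real files.
SAMPLE_URLS = [
    "https://docs.google.com/document/d/abcd/edit",
    "https://docs.google.com/spreadsheets/d/EXAMPLE_sheet-01/edit#gid=0",
    "https://drive.google.com/file/d/EXAMPLE_pdf-02/view?usp=sharing",
    "https://drive.google.com/open?id=EXAMPLE_old-03",
    "https://docs.google.com/document/d/abcd/edit?usp=sharing",    # duplicate ID
    "https://docs.google.com.example.net/document/d/abcd/edit",    # look-alike host
    "https://drive.google.com/drive/folders/EXAMPLE_folder-04",    # folder, not a file
]

if __name__ == "__main__":
    ids, rejected = collect_file_ids(SAMPLE_URLS)
    print("file IDs:", ids)
    print("rejected:", rejected)
```

Review the rejected list by hand: a link that was skipped here is a file that would otherwise be silently missing from the include or exclude list.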

External Files

External files refer to the files that are not part of your organization. You can choose to monitor specific external files by selecting the Monitor specific option, or exclude only specific external files from being monitored by selecting the Monitor all, except option.

Nightfall populates the list of file IDs and not file names. Hence you must select the file IDs from the drop-down list.

Permissions

You can select files to be monitored based on the access permission of the file. The three file access permissions supported by Google Drive are as follows.

  • Restricted: The files with this permission type allow only the owner of the file to access it. If you select this option, only the files in the selected drive that are accessible solely to their owners are monitored.

  • Shared Within Your Organization: The files with this permission type allow anyone from within your organization to access the file. If you select this option, all the files from the selected drive, which are shared within your organization, are monitored.

  • Anyone With the Link: The files with this permission type allow any user (even from outside your organization) to access the file, provided they have the URL of the file. If you select this option, all the files shared with any internal and external users, from the selected drive, are monitored.

Standard Labels

You can choose to monitor files that carry one or more standard labels. With this option, by default, all the files with standard labels are selected for monitoring. You can exclude files with specific standard labels from being monitored. Hence only the Monitor all, except option is available.

Badged Labels

You can select specific badge labels. Only those files which have the selected badge labels are monitored. To select a badge label, you must select the respective check box.