Managing Google Drive Violations

Nightfall admins and end-users can view Google Drive violations in three ways. This document explains the three methods.

Admin Notification and Remediation

When end-users violate a policy, the Nightfall admin is notified about the incident. The notification channel depends on the settings configured in the Admin Alerting section. If you have not enabled any notification channels in the Admin Alerting section, Nightfall admins are not notified.

If you have enabled the email notification in the Admin alerts section, Nightfall admins receive an email. The email is as shown in the following image.

At the end of the email, a list of actions is displayed. Nightfall admins can take the required action.

If Slack notifications are enabled, Nightfall admins also receive a message in the respective Slack channel.

As with email, the possible actions are displayed at the end of the Slack message.

End-User Notification and Remediation

When an end-user violates a policy in Google Drive, a notification is generated based on the notification settings configured by Nightfall admins in the policy configurations. If end-user notifications are configured in the End-User Notification section, end-users receive an email as shown in the following image.

In addition to end-user notifications, if Nightfall admins also enable remediation actions in the End-User Remediation section, end-users can take appropriate actions. The list of available actions depends on the settings configured in the End-User Remediation section.

Nightfall Violations Page

Nightfall admins can view and take action on Google Drive violations from the Nightfall Violations page. To view the Nightfall Violations page:

  1. Navigate to the Violations page in Nightfall.

  2. Apply filters to view only Google Drive violations.

  3. Click Apply.

  4. (Optional) Modify the days filter to view historical violations. You can either select a standard time frame provided by Nightfall, such as Last 7 Days or Last 30 Days, or use the Custom Range option to specify a custom time frame.

You can now view all the Google Drive violations.

  5. Click the ellipsis menu on the right to view the available actions.

You can reduce the noise from known files that repeatedly generate new violations by ignoring all violations in a specific file, which keeps you focused on new, unknown risks. All current and future violations generated by this file are automatically ignored.

You can also undo the Ignore all action.

When you apply the Ignore all action:

  • All existing violations from the selected item are automatically marked as "Ignored" and moved to the Resolved tab.

  • An activity log entry is created to reflect the automated action on any violation that is automatically ignored.

  • Ignored automatically - "Auto-ignore is enabled for all future violations from this item."

  6. Click any violation to view more details about the violation.

You can click the Expand details button to view more information about the violation.

The expanded view displays the following additional details.

Applying Labels

When a label is applied to a Google Drive file, either through automated actions or manually (by a Nightfall admin or end-user), the applied label is displayed next to the title of the file.

The following image shows a Google Doc to which no label is applied.

The following image displays the same file after a badge label is added.

If you add a new badge label, it replaces the previously applied badge label.
