Analyzing Google Drive Audit Results
Last updated
Was this helpful?
Last updated
Was this helpful?
Once the Nightfall audit is started, it is placed in the queue for scanning, with the status displayed as Queued. Once the scan begins, the status changes to Scanning. After the audit is completed, the status is updated to Completed. To stop an audit, click the ellipsis menu and select Stop.
To view the results of a specific audit, click the ellipsis menu for the desired audit and select View Results. This option displays the results of only the selected audit.
To view the results of all the audits, navigate to the Results tab. On the Results tab, you can apply filters to view the results of desired audits or directly select an audit from the drop-down menu.
The posture only scan displays the list of files that matched the scope conditions and were scanned during the audit.
The various columns displayed are as follows.
Name
The name of the file.
Location
The location of the file scanned (Google Drive)
Results
The number of external users who have access to the file.
Who
The email address of the user who owns the file.
Status
The current status of the scan result.
Ellipsis menu
The ellipsis menu allows you to perform the following actions.
Ignore: This action changes the status to ignored. You can apply this action if there is no further action to be taken on the file.
Acknowledge: This action changes the status to Acknowledged. You can apply this action when you wish to take an action on the file later.
Change Link settings: This action allows you to change the sharing settings of the file. You can remove the external users who have the access to the file or choose the Restricted action so that only the file owner and the users selected by the owner have access to the file.
Disable Download: This action prevents any user from downloading the file.
When you click a file, the following details are displayed.
File Type: The extension of the file (CSV, PDF, JPEG and so on) that was scanned.
File Size: The total size of the scanned file in bytes.
File Link: The Google Drive link to the file.
Permission Setting: The current sharing permissions configured on the file (Restricted, Anyone with the Link can view, and so on).
Sharing External Users: The external users with whom the file is shared.
Sharing Internal Users: The internal users with whom the file is shared.
Viewers Can Download: If set to True, it implies that users can download the file.
File Owner: The email address of the file owner. For files in SHared drives, this field is empty.
In trash: Indicates if a scanned file is present in trash.
Drive: The name of the drive (user drive, shared drive) in which the file exists.
File ID: The ID of the file assigned by Google Drive ID.
File Name: The name of the file.
Last Edited By: The email address of the user who last modified the file.
Labels: The names of the labels assigned to the file. If there are multiple labels, you can see one of the label names and number of additional labels. Hover over the label name to view additional labels.
The audit results for posture and data discovery scan also contains the the same info as mentioned in the previous section. Additionally, with this scan type, Nightfall also displays the details of sensitive data present, if any, in all the the scanned files.
The following details related to sensitive data is displayed.
Detector: The name of detector that was violated.
Text Before: The text that appears before the sensitive data.
Text After: The text that appears before the sensitive data (if present).
Finding: The sensitive data found in the document with of the finding.
