Analyzing Google Drive Audit Results

Last updated 10 hours ago

Once the Nightfall audit is started, it is placed in the queue for scanning, with the status displayed as Queued. Once the scan begins, the status changes to Scanning. After the audit is completed, the status is updated to Completed. To stop an audit, click the ellipsis menu and select Stop.

To view the results of a specific audit, click the ellipsis menu for the desired audit and select View Results. This option displays the results of only the selected audit.

To view the results of all the audits, navigate to the Results tab. On the Results tab, you can apply filters to view the results of the desired audits or select an audit directly from the drop-down menu.

Audit Results for Posture Only Scan

The posture only scan displays the list of files that matched the scope conditions and were scanned during the audit.

The various columns displayed are as follows.

  • Name: The name of the file.

  • Location: The location of the scanned file (Google Drive).

  • Results: The number of external users who have access to the file.

  • Who: The email address of the user who owns the file.

  • Status: The current status of the scan result.

  • Ellipsis menu: The ellipsis menu allows you to perform the following actions.

    • Ignore: This action changes the status to Ignored. You can apply this action if there is no further action to be taken on the file.

    • Acknowledge: This action changes the status to Acknowledged. You can apply this action when you wish to take an action on the file later.

    • Change Link settings: This action allows you to change the sharing settings of the file. You can remove the external users who have access to the file, or choose the Restricted action so that only the file owner and the users selected by the owner have access to the file.

    • Disable Download: This action prevents any user from downloading the file.

When you click a file, the following details are displayed.

  • File Type: The extension of the file (CSV, PDF, JPEG, and so on) that was scanned.

  • File Size: The total size of the scanned file in bytes.

  • File Link: The Google Drive link to the file.

  • Permission Setting: The current sharing permissions configured on the file (Restricted, Anyone with the Link can view, and so on).

  • Sharing External Users: The external users with whom the file is shared.

  • Sharing Internal Users: The internal users with whom the file is shared.

  • Viewers Can Download: If set to True, it implies that users can download the file.

  • File Owner: The email address of the file owner. For files in shared drives, this field is empty.

  • In trash: Indicates if a scanned file is present in trash.

  • Drive: The name of the drive (user drive, shared drive) in which the file exists.

  • File ID: The ID assigned to the file by Google Drive.

  • File Name: The name of the file.

  • Last Edited By: The email address of the user who last modified the file.

  • Labels: The names of the labels assigned to the file. If there are multiple labels, you can see one of the label names and the number of additional labels. Hover over the label name to view the additional labels.

Audit Results for Posture and Data Discovery Scan

The audit results for a posture and data discovery scan contain the same information as described in the previous section. Additionally, with this scan type, Nightfall displays the details of any sensitive data present in the scanned files.

The following details related to sensitive data are displayed.

  • Detector: The name of the detector that was violated.

  • Text Before: The text that appears before the sensitive data.

  • Text After: The text that appears after the sensitive data (if present).

  • Finding: The sensitive data found in the document, with the confidence level of the finding.