Nightfall Documentation
  • Data Detection and Response
  • Posture Management
  • Data Exfiltration Prevention
  • Data Encryption
  • Developer APIs
  • Data Classification and Discovery
  • Data Discovery and Classification
  • Nightfall Audits
    • Introduction to Nightfall Audit
  • Google Drive Audit
    • Overview
    • Select Integration
    • Select Scope
    • Detection Rules
    • Automated Actions
    • Review Configurations
  • Analyzing Google Drive Audit Results
  • GitHub Audit
    • Overview
  • Select Integration
  • Configure Scope
  • Select Detection Rules
  • Review Configurations
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Google Drive Audit

Automated Actions

PreviousDetection RulesNextReview Configurations

Last updated 22 days ago

Was this helpful?

This section describes the various actions that Nightfall takes automatically when a violation is detected. You must turn on the toggle switch to enable an action. All the automated actions are permanent and cannot be reversed once applied. You can also use the delayed remediation feature to set the timeline as to when an action must be taken. You can either choose to apply the automated action immediately after detecting a violation or after some time.

The various automated actions are described as follows.

Remove all external users and groups: This action revokes the file access in which sensitive data was found. All external users and groups will no longer have access to the file. You must also configure the delayed remediation feature by selecting an option in the Trigger action field. You can either choose to apply the action You can either select the Immediately option to apply the automated action immediately after detecting a violation or select the After option to implement the automated action after a certain time delay. If you select the After option, you must also set the delay time. The automated action is implemented once the delay time is elapsed.

  • Remove all internal users and groups: This action revokes the file access in which sensitive data was found. All internal users and groups will no longer have access to the file.

  • Restricted: This action restricts the file access only to those users who have the link to access it

  • Disable Download, Print, and Copy: This action disables downloading, printing, or copying the file in which sensitive data was found. This action is only applicable to users with the View and Comment permission. File owners can always download and copy the file.

The automated actions are not applicable in a few scenarios. To learn more about these scenarios, you can refer to .

this document