> For the complete documentation index, see [llms.txt](https://help.nightfall.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.nightfall.ai/data-exfiltration-prevention/exfiltration_google_drive/policies/trigger.md).

# Trigger

The trigger section further enhances the unwanted noise reduction capabilities. With the trigger section, you can

* Set what download behavior can be termed as an exfiltration event.
* Exclude downloads by trusted apps from being termed as exfiltration events.

## Configuring Trigger Section

In the trigger section, you can set the download behavior, the download frequency to be precise, must be termed as an exfiltration event.&#x20;

To configure the Trigger section:

1. Set the minimum number of downloads threshold that must be considered as an exfiltration event.
2. Set the required time period (frequency). If the minimum download threshold (set in the previous step) is reached or exceeded, within the set time period, an exfiltration event is generated.

<figure><img src="/files/L3iqYCewsSHYeJAaJ3VK" alt=""><figcaption></figcaption></figure>

In the following image, the configurations are set such that if an asset is downloaded 2 or more times within 10 minutes, an exfiltration event is triggered.

<figure><img src="/files/P0lOdgql6IHW564Yxdk4" alt=""><figcaption></figcaption></figure>

{% hint style="danger" %}
You must set the action frequency carefully. For example, consider that you set the download condition as **5 or more files**, **within 1 hour**. In this case, if a user downloads four assets, every 1 hour, the policy does not trigger a violation, since the condition is not met.
{% endhint %}

## Exclude Apps

Depending on your environment, a significant number of downloads may be attributed to applications (i.e. backup apps). You may choose to ignore such download events to reduce the noise and focus your monitoring on unexpected application and user download events.

The Exclude apps section allows you to exclude specific applications from being monitored by your policy.

To configure the Exclude apps section, select the applications to exclude from the drop-down menu. Once saved, Nightfall will not alert on download events attributed to the excluded applications.

<figure><img src="/files/rGyAdSAEx6nCN8mZdXnC" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://help.nightfall.ai/data-exfiltration-prevention/exfiltration_google_drive/policies/trigger.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.