Encryption Events Page
Last updated
Last updated
The Encryption events page displays all the encryption events registered by Gmail. An event is triggered when an encryption policy is violated. To learn more about configuring encryption policies, refer to the Creating Policies for Encryption document.
Important
An encryption event is generated only when both of the following conditions are met.
Nightfall admin creates one or more encryption policies.
An end-user (who matches the scope for at least one of the policies) sends an email with encryption enabled.
To navigate to the encryption events page in Nightfall, click Data Encryption from the left menu.
Once you land on the Encryption page, Nightfall displays the encryption events for the last 7 days. You can view that the date filter also displays Last 7 Days.
To view the historic encryption events, click the date filter, set the required time period and click Apply.
The encryption events page consists of the following columns.
The Events encryption page provides a search bar. You can use the search operators to search a specific event. Nightfall provides multiple operators to search. When you click the search bar, five operators are displayed. You can click the View all operators button to view all the available search operators.
For example, you can use the user_email search operator to search for events that were generated as a result of emails sent by a specific sender. In the following image the user_email operator is used to search for events generated by a user whose mail ID is max@starwoodhealth.com.
The complete list of search operators provided by Nightfall are as follows.
This operator allows you to search events that belong to a specific integration. For example Gmail.
This operator allows you to search events based on the user name of the sender.
This operator allows you to search events based on their status.
This operator allows you to search events that were generated as a result of emails sent from a specific email ID.
This operator allows you to search events that were generated as a result of emails sent by including a specific mail ID in the BCC field.
This operator allows you to search events that were generated as a result of emails sent from a specific email ID.
This operator allows you to search events that were generated as a result of emails sent to a specific email ID.
This operator allows you to search events that were generated as a result of emails sent by including a specific mail ID in the CC field.
This operator allows you to search events that were generated as a result of emails sent by including a specific subject in the Subject field of the email.
This operator allows you to search events based on the gmail user name of the sender.
The actions menu allows you to take appropriate actions on the events. When you initiate an action on an event, the status of the event changes accordingly. For instance, if you apply the encrypt action, the email that triggered the event is encrypted and the status of the event changes to Encrypted.
You can apply an action from the ellipsis menu on the Events page
Alternatively, you can also apply an action from the Event Detail View page.
The actions that you can perform on an encryption Event are as follows.
This action allows you to set an expiration date for the email Recipients cannot view the email after the set expiration period. If an expiration period is already set by the end-user or through automated actions, you can still override the expiration period and set a new expiration period.
This action disables the recipient's ability to forward emails.
This action prevents end-users from downloading any attachments or copying the contents of the attachments.
This action resolves the Event. You must apply this action when a suitable remediation action has been implemented.
The Event detail view page displays various details of a specific event. You must click the required event to open the detail view window. The Event detail view displays the following details.
The event history section is a log book for the Events. It displays the series of actions that were taken. By default, the first log message recorded is the Event creation and the second log message displays that the email was encrypted by the sender.
Once the recipient decrypts the Email and view it, a new log message is displayed as follows.
As you perform various actions on the Email or the Event, the log message is recorded for each action as follows.
At the end of the event section, Nightfall provides a text box. You can add comments in the text box and save them for future use. You can add a maximum of 300 characters in the text box.
| Column Name | Description |
|---|---|
| Field Name | Details |
|---|---|
Send Date
The date and time when the Email was sent.
Subject
The subject of the Email. If no subject was added, this field is blank.
From
The email ID of the user who sent the Email.
To
The email ID(s) of the recipients.
Cc
The email ID(s) of the users who were included in the Cc field. If no user was added to the Cc field, this field displays n/a.
Bcc
The email Id(s) of the users who were included in the Bcc field. f no user was added to the Bcc field, this field displays n/a.
Attachments
The name of the attachments added to the email. If no attachments were added to the email, this field displays n/a.
Disable Forwarding
This field displays No if Email forwarding is disabled. If Email forwarding is enabled, it displays Yes.
Persistence Protection
This field displays No if Persistence protection is disabled. If Persistence protection is enabled, it displays Yes.
Expiration Time
If expiration is set, the expiration date and time is displayed. If expiration is not set, this field displays a hyphen.
Revoke all recipients
This field displays No if access is not revoked for all the users.
Revoke Emails List
This field displays the email ID(s) of the users to whom the access is revoked. This field displays n/a if access is not revoked for any of the users.
Unrevoke Emails List
This field displays the email ID(s) of the users to whom the access is restored after being revoked previously. This field displays n/a if access is not restored for any of the users.
Name
The subject line of the email that triggered the event. If the email was sent without a subject, this column name will also remain blank.
Source
The email ID from which the email was sent.
Destination
The email ID(s) to which the email was sent.
When
The time elapsed since the email was sent.
Status
The current status of the email. The status depends on the taken on the email. The status is automatically updated in another case too. If a Nightfall admin takes an action from Email or Slack , the status is automatically updated.
