# Trigger

Once you narrow the policy [Scope](/data-security-posture-management/nightfall-for-google-drive/configuring-google-drive-policies/scope.md) to the required devices and originating domains, define the trigger actions that count as posture change events. When one of these trigger actions is performed on a scoped entity, Nightfall treats it as a violation and creates a Posture Management Event.

Nightfall provides two types of trigger actions that you can set as posture change events.

* **Changes Share Settings**: An attempt to modify the link sharing settings (for example, from restricted to public) of one or more Google Drive assets.
* **Gives Access**: An attempt to provide access to one or more Google Drive assets.

<figure><img src="/files/EyqX38fHnV8E3kEfJr7I" alt=""><figcaption></figcaption></figure>

## Changing Share Settings

If a user changes the sharing settings of one or more assets within a stipulated amount of time, it is considered a violation and a posture change event is created.

To use this Trigger action, you must select the **Changes share settings** option.

<figure><img src="/files/a35EUPh5Kg82p0DTJOK8" alt=""><figcaption></figcaption></figure>

Once you select the **Changes share settings** option, you must select the Google share setting that must be used as a Trigger.

<figure><img src="/files/ctdn8fq6lyF5cwO8K346" alt="" width="563"><figcaption></figcaption></figure>

You must then select the number of assets and the time window. A Posture Event is raised if the trigger action is performed on that many assets within that window.

For instance, in the following image, if the sharing setting of five Google Drive assets is modified to **Public** **within 1 hour**, a Posture Event is created.

<figure><img src="/files/MeIcUpcVgLQTuttPN0xX" alt=""><figcaption></figcaption></figure>

## Gives Access

In this Trigger action, if an employee grants permissions to one or more assets within a short span of time, Nightfall considers it a Violation and creates a Posture Management Event.

You must define the number of assets and the timeline. In the following image, if access is given to 5 or more assets within 1 hour, Nightfall considers it to be a Violation and triggers a Posture Event.

<figure><img src="/files/AqNMRbdmL1Cgd1KCZsns" alt=""><figcaption></figcaption></figure>

### Add Filters

You can add filters so that violation events are generated only when asset access is granted to specific users, user groups, or domains.

Conversely, you can also add filters to prevent the generation of violation events when asset access is granted to trusted users, user groups, and domains. This helps you reduce the noise from trusted sources.

The filters section consists of the following filters.

* [Internal Users](#internal-users)
* [External Users](#external-users)
* [Internal Groups](#internal-groups)
* [External Groups](#external-groups)
* [Domains](#domains)

#### Internal Users

* **Specific user(s)**: You must select this option to monitor file access granted to specific internal users. Once you choose this option, Nightfall populates the list of users from the synced IdPs in [Directory Sync](https://help.nightfall.ai/sensitive-data-protection/nightfall_settings/directory_sync). You must select the required users.
* **All users, except for**: You must select this option to exclude monitoring of file access granted to specific internal users. Once you choose this option, Nightfall populates the list of users from the synced IdPs in [Directory Sync](https://help.nightfall.ai/sensitive-data-protection/nightfall_settings/directory_sync). You must select the required users.

<figure><img src="/files/Lr8V1aWj5QSWSgyqgcgq" alt="" width="563"><figcaption></figcaption></figure>

#### External Users

* **Specific user(s)**: You must select this option to monitor file access granted to specific external users. Once you select this option, you must manually type the email ID of the user and press the enter key.
* **All users, except for**: You must select this option to exclude monitoring of file access granted to specific external users. Once you select this option, you must manually type the email ID of the user and press the enter key.

#### Internal Groups

* **Specific group(s)**: You must select this option to monitor file access granted to specific internal groups. Once you choose this option, Nightfall populates the list of users from the synced IdPs in [Directory Sync](https://help.nightfall.ai/sensitive-data-protection/nightfall_settings/directory_sync). You must select the required groups.
* **All users, except for**: You must select this option to exclude monitoring of file access granted to specific external users. Once you choose this option, Nightfall populates the list of users from the synced IdPs in [Directory Sync](https://help.nightfall.ai/sensitive-data-protection/nightfall_settings/directory_sync). You must select the required groups.

#### External Groups

* **Specific Group(s)**: You must select this option to monitor file access granted to specific external groups. Once you select this option, you must manually type the email ID of the group and press the enter key.
* **All Groups, except for**: You must select this option to exclude monitoring of file access granted to specific external groups. Once you select this option, you must manually type the email ID of the group and press the enter key.

#### Domains

* **Specific domain(s)**: You can use this option to monitor only when users belonging to specific domains are given access. To add a domain, type the domain name (for example, abcd.com) and hit the enter key. This option also allows you to include personal email domains by clicking the **Add free personal email domains** check box.
* **All Domains, except for**: You can use this option to exclude monitoring of certain users who belong to a specific domain. To exclude a domain, type the domain name (for example, abcd.com) and hit the enter key. This reduces unwanted noise from sanctioned external collaboration. Note that you can also exclude monitoring of sharing with personal email accounts. This latter option is recommended if you already have an existing policy monitoring personal email (also recommended). This will ensure that your monitoring policies are mutually exclusive.

<figure><img src="/files/4jgBkDu563jllb6JJlvT" alt="" width="563"><figcaption></figcaption></figure>
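The **Gives Access** threshold ("5 or more assets within 1 hour") combined with an **All Domains, except for** filter, worked through as an added example; this is not Nightfall's code or API. The event tuples, the sliding-window counting, and the choice not to count grants to excluded domains are assumptions made for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

def burst(actor, start, step_min, grantees):
    """Build constructed grant events: (time, actor, asset id, grantee email)."""
    t0 = datetime.fromisoformat(start)
    name = actor.split("@")[0]
    return [(t0 + timedelta(minutes=i * step_min), actor, f"{name}-doc-{i}", g)
            for i, g in enumerate(grantees)]

# Constructed sample data, not real audit logs.
EVENTS = (
    burst("alice@corp.example", "2024-05-01T09:00:00", 10, ["x@mail.example"] * 5)
    + burst("carol@corp.example", "2024-05-01T10:00:00", 5,
            ["p@partner.example"] * 2 + ["y@mail.example"] * 3)
    + burst("dave@corp.example", "2024-05-01T11:00:00", 90, ["z@mail.example"] * 5)
)

def posture_events(events, min_assets=5, window=timedelta(hours=1),
                   excluded_domains=frozenset()):
    """Return (actor, first_grant, last_grant, assets) per threshold crossing."""
    recent = {}  # actor -> deque of (time, asset) still inside the window
    alerts = []
    for ts, actor, asset, grantee in sorted(events):
        domain = grantee.rsplit("@", 1)[-1].lower()
        if domain in excluded_domains:
            continue  # assumed: grants to excluded domains are not counted
        q = recent.setdefault(actor, deque())
        q.append((ts, asset))
        while ts - q[0][0] > window:
            q.popleft()  # drop grants older than the window
        assets = sorted({a for _, a in q})
        if len(assets) >= min_assets:
            alerts.append((actor, q[0][0], ts, assets))
            q.clear()  # assumed: one event per burst, then start counting again
    return alerts

if __name__ == "__main__":
    for actor, start, end, assets in posture_events(
            EVENTS, excluded_domains={"partner.example"}):
        print(f"{actor}: {len(assets)} assets shared between {start} and {end}")
```

With `partner.example` excluded, only the first user crosses the threshold; removing the exclusion also flags the second user, whose five grants include two to the sanctioned partner domain.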


