# Remediation for Google Drive

This document explains what admins and end-users can do once a policy is violated.

## Admin Notification and Remediation

When end-users violate a policy, the Nightfall admin is notified about the incident. The notification channel used to notify the Nightfall admin depends on the settings configured in the [#admin-alerting](https://help.nightfall.ai/data-security-posture-management/configuring-google-drive-policies/automated-actions#admin-alerting "mention") section. If you have not enabled any notification channels in the Admin alerting section, Nightfall admins are not notified. 

If you have enabled the email notification in the Admin alerts section, Nightfall admins receive an email. The email is as shown in the following image. 

The Email consists of the following data.

* **Event**: The event that caused the violation. For Google Drive, the event is always a download of assets. 
* **Actor**: The Email ID of the user who downloaded the file.
* **When**: The date and time when the email was downloaded.
* **Where**: The name of the file that was downloaded.
* **Policies Violated**: The name of the policy that was violated.
* **Violation Dashboard**: The link to the Events screen to view the violation in detail.
* **Actions**: The list of actions that the Nightfall admin can take. 

Also, a Slack message is sent if you have enabled the Slack alerts for the Nightfall admin. The Slack message looks as shown in the following image.

<figure><img src="https://content.gitbook.com/content/i2neFs5a4fa47QifSoot/blobs/20ICOZgjE6gj446saOXE/image.png" alt=""><figcaption></figcaption></figure>

## End-User Notification and Remediation

End-users receive notifications and remediation actions if the Nightfall admin has enabled these settings. The notifications are based on the settings configured in the [#automation](https://help.nightfall.ai/data-security-posture-management/configuring-google-drive-policies/automated-actions#automation "mention") section. The end-user remediation actions are based on the settings configured in the [#end-user-remediation](https://help.nightfall.ai/data-security-posture-management/configuring-google-drive-policies/automated-actions#end-user-remediation "mention") section.&#x20;

If you have configured the Email notification for end-users and enabled the end-user remediation, end-users can take remediation actions from the Email itself.&#x20;

The end-user Email for adding external users violation is shown in the following image. &#x20;

<figure><img src="https://294964914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fi2neFs5a4fa47QifSoot%2Fuploads%2FRR6odHZZ3QkOXCpJMEZX%2Fimage.png?alt=media&#x26;token=8ec4109a-d135-4496-b2c8-6b1b09d61285" alt=""><figcaption></figcaption></figure>

The end-user Email for adding Changing Share settings violation is shown in the following image.

<figure><img src="https://294964914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fi2neFs5a4fa47QifSoot%2Fuploads%2FzCH8c12fnrZ62RCKqlMf%2Fimage.png?alt=media&#x26;token=ff6646af-b119-4e20-b676-d700771e7034" alt=""><figcaption></figcaption></figure>

If you have configured Slack notifications for end-user and enabled end-user remediation, end-users can view the Slack message.&#x20;

## Managing Violations in Nightfall

Nightfall admins can manage violations from within the Nightfall console. The Posture Management Events page in Nightfall lists all the violations under the Posture tab. End-users can get a detailed view of each Posture violation recorded. To learn more about Posture Management Events page, refer to the [posture-management-events-page](https://help.nightfall.ai/data-security-posture-management/nightfall-for-google-drive/posture-management-events-page "mention") document.&#x20;