Each time Nightfall discovers a policy violation in a drive or file, you can configure to remove sharing of the drive or file. Removing sharing can be done manually or or as an automated remediation action.
Each time Nightfall discovers a policy violation in a drive or file, you can configure to change the access permissions to the drive or file. Changing link settings can be done manually or or as an automated remediation action.
Each time Nightfall discovers a policy violation in a drive or file, you can configure to send a notification to the owner of the file or page, about the violation. Notifying can be configured as a manual or automated remediation action.
Learn how to remediate violations in Nightfall for Google Drive
With Google Drive, you can configure to remediate sensitive content, or may alert the end user to take remediation actions. This will depend on your organization’s needs and access settings for Google Drive.
Note: When notifying the file owner, directly after running a remediation action, you might encounter an error that says the file is “already in the process of being remediated.”
This is normal, as the remediation takes a bit of time to run, between 30 seconds to 2 minutes. Once that action is complete, the user could then be notified and the action should run smoothly.
You can configure the remediation actions that you would like to take automatically when a new policy violation is detected.
Notify the file owner (via Slack/Email)
Change link settings to restricted
Change link setting to “Anyone in the organization with the link”
Remove internal users
Note that available remediation options depend on the pre-existing link/sharing settings.
Notes:
Authenticated Nightfall users can take remediation actions even if they don’t have access to the file within GDrive. (Unauthenticated users will not be able to take remediation actions).
The Nightfall user can download the affected file from the alert, in cases where they don’t have access to the file within GDrive. Download actions will be logged in configured alert platforms.