Learn how to configure Content Compliance rules in the Google Workspace.
A Content Compliance rule in Google Workspace is a predefined set of text, numerical patterns, or text patterns. You can set up rules to match the predefined text.
You must create the following compliance rules and SMTP relay service to set up Gmail DLP.
Content Compliance Rule for Monitoring: This rule monitors outgoing emails.
Content Compliance Rule for Quarantine: This rule is only required if you wish to use the quarantine action in Nightfall.
Configure SMTP Relay Service: Once you create the content compliance rules, you must set up the routing rules to configure the SMTP relay service.
Learn how to configure the routing rules for SMTP relay settings in the Google Workspace.
Once you create the content compliance rules, you must set up the routing rules to configure SMTP relay settings. This ensures that you receive emails only from Nightfall's trusted IP addresses.
In the Nightfall UI, navigate to Integrations from the left navigation bar and click the Manage button for the Gmail integration.
All the headers and expressions required to create the compliance rules are available in the Installation section under Gmail settings as displayed in the image below. Keep this screen open to copy/paste the headers as you create the routing rules in Google Workspace. We will refer to this page as the Gmail settings page throughout the document.
To configure routing rules:
Log in to your Google Workspace with an admin account.
Navigate to the admin console.
From the left menu, expand Apps > Google Workspace > Gmail.
Scroll down and select Routing.
Scroll down to the SMTP relay service section and click ADD ANOTHER RULE (the button can be displayed as CONFIGURE if you have not created any SMTP rules).
Enter a name for the SMTP rule (the name "Routing" is used in this case).
Select the Only accept mail from the specified IP addresses check box.
Click ADD.
In the Add Setting dialog box, enter a description in the Description field ("Nightfall IP" is used in this case).
Navigate to the Gmail settings page on the Nightfall UI and copy the value from the IP Address 1 field, located under the Routing - SMTP Relay Service section.
Return to the Google Admin Workspace window and paste the copied value in the Enter IP address/range field.
Click SAVE.
The IP address is added as shown in the following image.
Repeat steps 8-12 to add the other two Nightfall IP addresses (In step 10, copy the values under IP address 2 and IP address 3 fields).
Select the Require TLS encryption check box.
Click SAVE.
Learn how to install the Nightfall DLP for Gmail.
This document explains the process of installing Nightfall DLP for Gmail. Nightfall DLP for Gmail allows you to scan all outgoing emails for sensitive data. It can scan both the email body and attachments.
You must have a Google Workspace account.
You must have administrator access to the above Google Workspace account.
When Nightfall detects emails with sensitive data, it can either Block, Quarantine, or Encrypt the email, based on the automated actions configured in the sensitive data policy for Gmail. To enable Nightfall to perform the quarantine action, you must set up compliance rules in Google Workspace.
Once you set up the compliance rules, you must then configure routing rules to set up the SMTP relay service to receive emails from Nightfall.
Learn how to create a quarantine content compliance rule in the Google Workspace.
The Quarantine compliance rule quarantines the email that contains sensitive data.
Important
You must configure this rule only if you wish to use the quarantine automated action.
In the Nightfall UI, navigate to Integrations from the left navigation bar and click the Manage button for the Gmail integration.
All the headers and expressions required to create the compliance rules are available in the Installation section under Gmail settings as displayed in the image below. Keep this screen open to copy/paste the headers as you create the content compliance rules in Google Workspace. We will refer to this page as the Gmail settings page throughout the document.
Navigate to the Compliance page of the Google Workspace (skip this step if you are already there; otherwise, refer to steps 1-6 of the Create Content Compliance Rule - Monitoring document to navigate to the compliance section).
Scroll down to the Content Compliance section and click ADD ANOTHER RULE. (If you have not created any Compliance rule previously, the button might be displayed as CONFIGURE).
Enter a name for the compliance rule ("Quarantine Rule" is added as the name in this document).
Select Outbound and Internal - Sending checkboxes in the Email messages to affect section.
If you select only the Outbound check box, only emails that are routed out of your organization to external domains are scanned. If you wish to scan internal emails (emails that are sent between the employees of your organization), you must select the Internal - Sending check box.
Select the If ANY of the following match the message option.
Click Add.
In the Add setting dialog box, select the Advanced Content match option.
In the Location drop-down menu, select Full headers.
In the Match type drop-down menu, select Contains text.
Navigate to the Gmail settings page on the Nightfall UI and copy the value from the Header field, located under the Quarantine Content Compliance Rule (Optional) section.
Return to the Google Admin Workspace window and paste the copied value in the Content field. Nightfall updates the headers for all emails that need to be quarantined with “x-nightfall-quarantine”, once they are processed and before they are routed back to Gmail. This enables Gmail to quarantine the emails with this header.
Click SAVE.
In stage 3, select Quarantine message.
(Optional) Select the Notify sender when mail is quarantined check box to notify the sender when their email is quarantined.
Click SAVE.
Learn how to create a monitoring content compliance rule in the Google Workspace.
The first content compliance rule is used to monitor all outgoing emails.
Important
It is mandatory for you to create this rule to monitor outgoing emails for sensitive data.
In the Nightfall UI, navigate to Integrations from the left navigation bar and click the Manage button for the Gmail integration.
All the headers and expressions required to create the compliance rules are available in the Installation section under Gmail settings as displayed in the image below. Keep this screen open to copy/paste the headers as you create the content compliance rules in Google Workspace. We will refer to this page as the Gmail settings page throughout the document.
The steps to create a content compliance rule are as follows.
Log in to your Google Workspace with an admin account.
Navigate to the admin console.
From the left menu, expand Apps > Google Workspace > Gmail.
Scroll down and click Compliance.
When you click Compliance, you can view the list of Organization Units (OUs) on the left of the screen (see image below). You can directly configure the compliance rules and routing rules on your production OU (the OU at the topmost level) by selecting it.
However, Nightfall recommends that you initially configure the rules on a subset OU (one of the nested OUs) which has a small set of users. When you click on a nested OU, the rules are created only for the nested OU that you select. Once you verify that the configuration is working as expected on the nested OU, you can configure the compliance rules on the production OU.
Scroll down to the Content Compliance section and click ADD ANOTHER RULE. (If you have not created any Compliance rule previously, the button might be displayed as CONFIGURE).
Enter a name for the compliance rule. For example, Nightfall DLP.
Select Outbound and Internal - Sending checkboxes in the Email messages to affect section.
If you select only the Outbound check box, only emails that are routed out of your organization to external domains are scanned. If you wish to scan internal emails (emails that are sent between the employees of your organization), you must select the Internal - Sending check box.
In step 2 of the content compliance rule, select the If ALL of the following match the message option.
You need to add two expressions in step 2 of the content compliance rule. Click ADD.
In the Add setting dialog box, select the Advanced Content match option.
In the Location drop-down menu, select Sender header.
In the Match type drop-down menu, select Matches Regex.
Navigate to the Gmail settings page on the Nightfall UI, refer to the regular expression format defined under the Monitoring Content Compliance Rule section, and create a regular expression that matches your organization name.
For example, if your organization name is Contoso.com, you can create the regular expression as .*@contoso\.com$
If you are using multiple domains to send emails from your organization and you need to scan outgoing emails from all those domains for sensitive data, you can use a regular expression to specify multiple domains as illustrated in installation instructions in the Nightfall console. For example, (.*@domain-name.extension$|.*@domain-name.extension$)
In the Regexp field, enter the regular expression to match your organization name.
Click SAVE.
You can now add a second expression in step 2 of the content compliance rule. Click Add.
Select Advanced content match in the drop-down menu.
In the Location drop-down menu, select Full headers.
In the Match type drop-down menu, select Not Contains text.
Navigate to the Gmail settings page on the Nightfall UI and copy the value from the Header field, located under the Full Header section.
Return to the Google Admin Workspace window and paste the copied value in the Content field.
Click SAVE.
The condition expression is created as follows. This expression ensures that all the emails that are not yet scanned by Nightfall are scanned.
In step 3, select Modify message.
Under the Headers section, select the Add X-Gm-Original-To header check box.
Select the Add custom headers check box. The Custom headers section is displayed once you select this check box.
Click ADD under Custom headers to add a new custom header.
There are two fields: Header key and Header value.
Navigate to the Gmail settings page on the Nightfall UI and copy the value from the Authentication field, located under the Messaging Modification section.
Return to the Google Admin Workspace window and paste the copied value in the Header key field.
Navigate to the Gmail settings page on the Nightfall UI and copy the value from the Nightfall UUID field, located under the Messaging Modification section.
Return to the Google Admin Workspace window and paste the copied value in the Header value field.
Click SAVE.
Scroll down to the Envelope recipient section and select the Change envelope recipient check box. A Replace recipient radio button field is displayed.
Navigate to the Gmail settings page on the Nightfall UI and copy the value from the Change envelope recipient with field, located under the Messaging Modification section.
Return to the Google Admin Workspace window and paste the copied value in the Replace recipient field. This is the email address to which emails must be routed for scanning.
Scroll down to the Encryption (onward delivery only) section and select the Require secure transport (TLS) check box.
Click SAVE.
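The two expressions added in step 2 of the monitoring rule can be checked offline before saving them. The following is an added example, not part of the Nightfall or Google documentation: it tests a multi-domain sender regex in the format shown above and models the "If ALL of the following match" condition. The second domain (contoso.co.uk), the header name X-Example-Nightfall-Scanned, and the sample messages are constructed placeholders; use the values from your Gmail settings page.

```python
import re

# Placeholder (assumption): the real text is the Header value shown under
# "Full Header" on the Gmail settings page in the Nightfall UI.
SCANNED_HEADER = "X-Example-Nightfall-Scanned"

# Multi-domain sender pattern in the page's format, with every dot escaped.
SENDER_RE = re.compile(r"(.*@contoso\.com$|.*@contoso\.co\.uk$)")
# The same single-domain pattern with the dot left unescaped, for comparison.
LOOSE_RE = re.compile(r".*@contoso.com$")


def sender_matches(pattern, address):
    """Expression 1: Sender header 'Matches Regex'."""
    return pattern.search(address) is not None


def not_yet_scanned(raw_message):
    """Expression 2: Full headers 'Not Contains text' (plain substring model)."""
    full_headers = raw_message.split("\n\n", 1)[0]
    return SCANNED_HEADER not in full_headers


def would_route_to_scanner(sender, raw_message):
    """'If ALL of the following match the message': both expressions must hold."""
    return sender_matches(SENDER_RE, sender) and not_yet_scanned(raw_message)


# Constructed sample messages (not real traffic).
FRESH = (
    "From: alice@contoso.com\n"
    "To: bob@partner.example\n"
    "Subject: Q3 report\n"
    "\n"
    "Report attached.\n"
)
# The same message after the scanner has returned it with its marker header.
RETURNED = SCANNED_HEADER + ": 1\n" + FRESH

if __name__ == "__main__":
    for addr in ("alice@contoso.com", "bob@contoso.co.uk",
                 "alice@mail.contoso.com", "alice@contoso.com.other.example",
                 "alice@contosoxcom"):
        print(addr, sender_matches(SENDER_RE, addr), sender_matches(LOOSE_RE, addr))
    print("fresh:", would_route_to_scanner("alice@contoso.com", FRESH))
    print("returned:", would_route_to_scanner("alice@contoso.com", RETURNED))
```

Senders on subdomains such as mail.contoso.com are not covered by this pattern and need their own alternative in the regex; the second expression is what keeps a message that has already been scanned from being routed for scanning again.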