Applying Actions on Events
Learn how to apply actions on Nightfall Events.
Last updated
Learn how to apply actions on Nightfall Events.
Last updated
When an Event is registered, a Nightfall admin can take suitable action on the registered Event. The action(s) performed on an Event ensures that the prevention of sensitive data leakage. Nightfall provides a set of actions that the Nightfall admin can implement. The actions vary for each integration. You can implement an action on an Event from the Event list view or Event detail view.
While Annotations are applied to individual Findings, Actions apply to the entire Event.
When a new Event is registered, by default, the Event is assigned the Active status and you can find it under the Active tab. The Pending tab displays the list of violations on which you have taken some action but have not yet resolved them. The Resolved tab displays the list of violations that have been resolved.
IMPORTANT
You must act on the active violations within 30 days. If you do not perform any action on an active violation within 30 days, the violation expires and moves to the Expired tab.
You can apply an action on a Violation either from the Violation list view page or the Violation details page, as displayed in the following image.
The actions menu in the detail view page displays the same list of actions as in the case of the ellipsis menu. Additionally, you can view a few more actions in the action menu which may not be present in the ellipsis menu.
The list of Actions provided by Nightfall are as follows.
The action copies the link to the Event. You can save or send this link to directly open the Event. This action is available only on the Event detail view.
This action opens the document from within the integration that contains sensitive data. This action is available only on the Event detail view.
This action downloads the file that contains sensitive data. If the file is deleted or moved to a different location within OneDrive, this action fails. This action is available only on the Event detail view.
This action moves the Event to the Ignored tab. For Google Drive, you can choose to Ignore multiple existing Events or future violations simultaneously. To learn more about the Ignore all feature in Google Drive, see Manage Google Drive Events (step 5).
Acknowledge action sends an email alert about the policy Event to the email account associated with your login.
This action allows you to notify end users about the Event. The notification can be via Slack, Email or MS Teams (varies for each integration)
This action allows you to select a JIRA project and create a ticket for this Event.
This action redacts the sensitive data found.
This action temporarily moves files or sensitive data from the original place in which it was discovered to a quarantined Nightfall space for further review. You can restore the quarantined items or permanently remove them by approving or rejecting them through Nightfall alerts.
This action modifies the link setting to anyone signed in to an account in your organization to use the link to your file.
This action applies to Google Drive integration and disables download, print, and copy actions for Commenter and Viewer roles. Editor roles will retain all actions.
This action deletes the attachment with sensitive tokens in a ticket comment (public replies and internal notes). You cannot revert this action.
This action modifies the permissions of a ticket comment from a public reply to an internal note. Converting to an internal note means the ticket comment will no longer be visible to the end user. This action is permanent.
This action removes the page from the web and/or removes guest access to the page. This action is active when it applies to the page at the time of the violation
This action is specific to the GitHub integration and sends a notification to GitHub about the violation.
This action marks the violation as resolved. You can revert this action.
The following table displays the list of all the Nightfall integrations and the Actions supported for each of these integrations.
Integration name | Available Actions |
---|---|
Confluence | Ignore Acknowledge Notify Slack Notify Email Send to JIRA Redact Delete Resolve |
Google Drive | Ignore Acknowledge Notify Slack Notify Email Send to JIRA Change Link Settings Disable Download Resolve |
JIRA | Ignore Acknowledge Notify Slack Notify Email Send to JIRA Redact Delete Resolve |
Slack | Ignore Notify Send to JIRA Quarantine Redact Delete (Nightfall supports both, deletion of messages and attachments) Resolve |
Salesforce | Ignore Acknowledge Send to JIRA Redact Delete Resolve |
Zendesk | Ignore Acknowledge Send to JIRA Redact Mark as Private Delete Attachment Notify Slack Notify Email Resolve |
ChatGPT | Ignore Resolve |
GitHub | Send to JIRA Acknowledge Ignore Notify GitHub Notify Email Resolve |
Notion | Send to JIRA Ignore Acknowledge Notify Slack Notify Email Remove Access Delete Attachment Redact Resolve |
MS Teams | Ignore Acknowledge Notify Email Notify Slack Notify Teams Change Link Settings Disable Download Resolve |
OneDrive | Ignore Acknowledge Notify Email Notify Slack Notify Teams Delete File Move to Recycle Bin Restrict to Owner Resolve |
Gmail | Ignore Acknowledge Notify Email Notify Slack Resolve |