Learn more about various status of Nightfall Events.
The Status of an Event implies the current state of the Event. For instance, an Event whose status displays Notified, implies that the end-user whose actions caused the violation has been notified about their actions. They must now take appropriate actions.
When a new Event is created in Nightfall, the status is Active. The status of the violation gets modified by one of the following methods.
Automatically: If you have configured either Admin alerting, end-user alerting, or have allowed end-user remediation, the status of the violation changes automatically.
Manually: If you apply an action on a Violation manually either from the Violations page or from any other platform, the status of the violation changes accordingly.
The various Status available in Nightfall are listed as follows.
This status implies that the Event is newly created and no action (not even notification about the Event) is implemented.
This status implies that the Nightfall admin has viewed acknowledged the Event. A further action needs to be taken in future.
This status implies that the end-users have been notified about their actions that caused the Event.
This status implies that the sensitive data that triggered the Event, is redacted.
This status implies that the entity (file, email, and so on) that contains the sensitive data is quarantined from rest of the data.
This status implies that the access to the file or entity that contains sensitive data is no longer accessible to the internal users of the organization.
This status implies that the access to the file or entity that contains sensitive data is no longer accessible to the external users who are not part of your organization.
This status implies that the file's (that contains sensitive data) access permissions have been modified.
This status implies that the file or the entity that contained the sensitive data is deleted.
This status implies that the Nightfall admin has ignored the Event either because its false positive or because they wish to look into it in the later.
This status implies that the file that contains sensitive data has been disabled from downloading. This prevents any user from downloading the file.
This status implies that the file or the entity containing sensitive data is marked as private.
This status implies that the attachment that contains sensitive data has been deleted.
This status implies that a new JIRA ticket has been created to represent this Event.
This status implies that the sensitive data has been encrypted.
This status implies that the entity containing the sensitive data has been encrypted.
This status implies that a notification has been sent to the end-user requesting justification for their actions that caused the Event.
This status implies that the end-user has provided justification of their action(s) that triggered the Event.
This status implies that the access to the file containing sensitive data is now restricted only to the owner of the file.
This status implies that the file containing sensitive data is deleted.
This implies that the entity containing sensitive data is moved to recycle bin.
This status implies that the email has been quarantined. A Nightfall admin must visit the quarantine settings in Gmail and take an action accordingly. This status is applicable only to Gmail.
This status implies that the email was sent to the recipient after scanning. There were no actions taken on the email. This status is applicable only to Gmail.
These are the violations which have been notified to the end-users. However no action has been taken by the end-users or any other user.
This status implies that the sensitive data issue in the Event has been addressed and thus the Event is resolved.
This status implies that the Event has expired since no action has been taken even after the stipulated time period.