Nightfall Documentation
  • Data Detection and Response
  • Posture Management
  • Data Exfiltration Prevention
  • Data Encryption
  • Firewall for AI
  • Data Classification and Discovery
  • Welcome to Nightfall Documentation
  • Release Notes
    • Release Notes 2025
    • Release Notes 2021-2024
  • Introduction
    • Why Cloud DLP?
    • Introduction to Nightfall
    • Nightfall Overview
    • Cloud-native DLP vs. CASB
    • How Nightfall Works
    • Reasons to Choose Nightfall
    • Benefits of Nightfall
  • Compliance
    • How Nightfall Fits into Compliance Frameworks
    • ISO 27001 Compliance + DLP
    • SOC 2 Compliance + DLP
    • PCI Compliance + DLP
    • PHI Detector - More on Nightfall's HIPAA Compliance Detector
  • Getting Started
    • Installing Nightfall
  • Nightfall Detection Platform
    • Overview
    • Detectors
    • Choosing a Nightfall Detector
      • Compliance Use Cases
      • Data Protection Use Cases
    • Nightfall Detector Glossary
      • Secrets Detection
    • Creating Custom Detectors
      • Creating Dictionary Detector
      • Create File Type Detector
      • Create File Fingerprint Detector
      • Create Regular Expression Detector
      • Extend a Nightfall Detector
    • Create Detection Rules
    • Detection Platform Overview
    • Evaluating Detection
    • Creating Policies
      • Selecting Integration
      • Scope of the Policy
      • Detection Rules
      • Advanced Settings
      • Name and Risk Score
    • Historical Scan Detection Rules
    • Regex Library
    • Detection Platform FAQs
      • How can I reduce false positives in my findings?
      • What do different “Confidence Levels” mean?
      • What file types will Nightfall scan for sensitive data? What are the limitations?
      • How do I use Context Rules?
      • How do I use Exclusion Rules?
      • Does Nightfall have a regex library I can choose from?
      • Why does Nightfall sometimes miss to report SSN, credit card number, and so on?
      • Why does the Password Detector Report False Positive Zoom Password Findings?
  • Nightfall Detection & Policy Templates
    • Detection Rules
    • Nightfall Sample Data Sets
  • Dashboard and Events
    • Nightfall Dashboard
    • Sensitive Data Protection Events
      • Filtering Events
      • Event Filter Operators
      • Applying Actions on Events
      • Applying Bulk Actions on Events
      • Event Status
      • Deduplication and Automatic Resolution of Events
  • Setting up Alert Platforms
    • Nightfall Alert Platforms
    • Setting up Slack as an Alert Platform
    • Setting up Jira as an Alert Platform
    • Setting up MS Teams as an Alert Platform
  • Operationalizing Nightfall DLP
    • Playbook
    • Informing & Coaching Business Users
    • Alert Management Guiding Principles
    • Integrating with Security Tools
      • Integrating with SIEM
        • Integrating with Microsoft Sentinel
      • Creating Dashboards for Nightfall Alerts in Splunk
      • Creating Dashboards for Nightfall Alerts in Sumo Logic
      • Sending Alerts to Microsoft Teams
    • Frequently Asked Questions (FAQs) for End-Users
  • Nightfall Integrations
  • Nightfall for Slack
    • Nightfall for Slack: Quick Start
    • Getting Started With Nightfall for Slack
      • Requirements
        • Requirements for Nightfall DLP for Slack Enterprise
        • Requirements for Nightfall DLP for Slack Pro and Slack Business+
      • Installing Nightfall for Slack
        • Installing Nightfall DLP for Slack Enterprise
        • Installing Nightfall DLP for Slack Pro and Business+
    • Configure Alerts for Slack
    • Configuring Policies for Slack Pro and the Slack Business+ Editions
      • Slack Pro and Business+ App Selection
      • Configure Scope for Slack Pro and Slack Business+
      • Configure Detection Rules for Slack Pro and Slack Business+
      • Configure Automated Actions in Slack Pro and Slack Business+
      • Configure Advanced Settings in Slack Pro and Slack Business+
      • Risk Configuration in Slack DLP for Slack Pro and Slack Business+ Editions
      • Manage Events for Slack
    • Configuring Policies for the Slack Enterprise Edition
      • Slack App Selection
      • Configure Scope for Slack Enterprise
      • Select Detection Rules for Slack Enterprise
      • Configure Automated Actions in Slack Enterprise
      • Configure Advanced Settings for Slack Enterprise
      • Risk Configuration for Slack Enterprise
      • Manage Events for Slack Enterprise
    • FAQs
      • Can I redact sensitive message content in Slack?
      • Nightfall for Slack Pro vs Enterprise
        • Upgrading from Slack Pro to Enterprise
      • Can we customize the alert messages sent in Slack?
      • Can I Disable Detection in Private Channels or DMs?
      • What types of channels does Nightfall scan? Does Nightfall scan shared channels?
      • I am unable to view a sensitive message or file from the Nightfall alert channel.
      • Upon Slack installation, why am I seeing a 400 error mentioning a "Restricted Action"?
      • I send a sensitive message, edit it, and then admin applies the Redact action. What is the outcome?
      • How do I re-install Nightfall DLP for Slack Pro Edition?
      • How do I re-install Nightfall DLP for Slack Enterprise Edition?
  • Nightfall for GitHub
    • Getting Started
      • Requirements
      • Install Nightfall for GitHub
      • Configure Alerts for GitHub
    • Configure Policies for GitHub
      • GitHub App Selection
      • Configure Scope for GitHub
        • Use Regular Expressions to Exclude GitHub Directories
      • Configure Detection Rules for GitHub
      • Configure Advanced Settings for GitHub
      • Configure Risk Score for GitHub
    • Manage GitHub Events
    • Remediation on Nightfall for Github
  • NIGHTFALL FOR GOOGLE DRIVE
    • Getting Started
      • Requirements
      • Install Nightfall for Google Drive
      • Enable Google Drive Labels
      • Configure Alerts for Google Drive
    • Configure Policies for Google Drive
      • Google Drive App Selection
      • Configure Scope for Google Drive
      • Configure Detection Rules for Google Drive
      • Configure Advanced Settings for Google Drive
      • Risk Score for Google Drive
      • Manage Google Drive Events
  • Nightfall for Confluence
    • Getting Started
    • Install Nightfall for Confluence
      • Configure Alerts for Confluence
    • Configuring Policies for Confluence
      • Confluence App Selection
      • Configure Scope for Confluence
      • Configure Detection Rules for Confluence
      • Configure Advanced Settings for Confluence
      • Configure Risk Score for Confluence
      • Manage Confluence Events
    • FAQs
      • Page Restrictions
  • Nightfall for jira
    • Getting Started
    • Install Nightfall for Jira
      • Configuring Alerts for Jira
    • Configure Policies in Nightfall for Jira
      • Jira App Selection
      • Configure Scope in Nightfall for JIRA
      • Select Detection Rules in Nightfall for JIRA
      • Configuring Advanced Settings in Nightfall for JIRA
      • Configure Risk Score for Jira
      • Manage Jira Events
  • Nightfall for Microsoft 365
    • Getting Started
      • Microsoft 365 Requirements
      • Setting up Directory Sync
      • Setting up Microsoft Tenant
        • Update App Selection for a Registered Tenant
    • Nightfall for OneDrive
      • Configure Alerts for OneDrive
      • Nightfall Policies for OneDrive
        • OneDrive App Selection
        • Configure Scope for OneDrive
        • Configure Detection Rules for OneDrive
        • Configure Advanced Settings for OneDrive
        • Risk Score for OneDrive Policies
        • Manage OneDrive Events
    • Nightfall for Microsoft Teams
      • Configure Alerts for Microsoft Teams
      • Configure Policies for Microsoft Teams
        • Select Integration in Microsoft Teams
        • Configure Scope for Microsoft teams
          • Scope for Personal Chats
          • Scope for MS Teams Channels
        • Configure Detection Rules in Microsoft Teams DLP
        • Configure Advanced Settings in Microsoft Teams
        • Risk Score in Microsoft Teams Policies
        • Manage Microsoft Teams Events
  • Nightfall for Gmail
    • Overview
    • Install Nightfall DLP for Gmail
      • Configure Content Compliance Rules
        • Create Content Compliance Rule - Monitoring
        • Configure Content Compliance Rule - Quarantine
        • Configure Routing Rules - SMTP Relay Settings
    • Configure Alerts for Gmail
    • Nightfall Policies for Gmail
      • Gmail App Selection
      • Configure Scope for Gmail
      • Configure Detection Rules for Gmail
      • Configure Advanced Settings for Gmail
      • Configure Risk Score for Gmail
      • Manage Gmail Events
    • Remediation on Nightfall for Gmail
  • Nightfall For Salesforce
    • Overview
    • Getting Started
      • Install Nightfall DLP for Salesforce
      • Upgrade Nightfall DLP for Salesforce
      • Configure Alerts for Salesforce
    • Nightfall Policies for Salesforce
      • Salesforce App Selection
      • Configure Scope for Salesforce
      • Configure Detection Rules for Salesforce
      • Configure Advanced Settings for Salesforce
      • Risk Score for Salesforce
      • Manage Salesforce Events
    • FAQs
  • Nightfall for Zendesk
    • Getting Started
      • Requirements
      • Install Nightfall DLP for Zendesk
      • Configure Alerts for Zendesk
    • Configure Policies for Zendesk
      • Zendesk App Selection
      • Configure Scope for Zendesk
      • Configure Detection Rules for Zendesk DLP
      • Configure Advanced Settings in Zendesk
      • Risk Score for Zendesk
      • Manage Zendesk Events
  • Nightfall for Notion
    • Getting Started
      • Requirements
      • Steps
    • Install Nightfall for Notion
      • Verification of Notion Installation
    • Configure Alerts for Notion
    • Configure Policies for Notion
      • Notion App Selection
      • Configure Detection Rules for Notion
      • Configure Advanced Settings for Notion
      • Risk Score for Notion
      • Manage Notion Events
  • NIGHTFALL FOR Generative AI Applications
    • Overview
    • Install Nightfall for GenAI apps
      • Install Nightfall DLP on Individual Devices
      • Install Nightfall DLP Across Organization
    • Configure Alerts for GenAI apps
    • Creating GenAI Policies from Nightfall Console
      • AI Apps Selection
      • Configure Detection Rules for AI Apps
      • Configure Advanced Settings for AI Apps
      • Risk Score for AI Apps
    • Nightfall Browser Plugin Deployment Guide
    • GenAI Safe Usage and Data Protection Policy
  • Developer Section
    • Nightfall Firewall for AI
    • Nightfall Playground
  • Settings
    • Users and Roles
      • Authentication Options
    • Role Based Access Control (RBAC)
      • Security Analyst Role
      • Policy Manager Role
      • Security Events Manager Role
      • Security Operations Manager Role
      • System Administrator Role
    • Directory Sync
      • Add Microsoft Entra ID to Nightfall
      • Google Workspace Directory Service
      • Add Okta to Nightfall
    • Custom Branding
    • Customer Referral Program
  • Frequently Asked Questions (FAQs)
    • How long does it take to deploy Nightfall?
    • How do I deploy Nightfall?
    • What are some unique points about Nightfall that I should know?
    • Which languages does Nightfall support?
    • How does Nightfall yield time savings for my team?
    • Nightfall vs Legacy DLP: What's the difference?
    • How does Nightfall make my organization more secure?
    • Nightfall vs CASB: What's the difference?
    • Nightfall vs E-Discovery: What's the difference?
    • How does Nightfall classify data?
    • What types of data does Nightfall classify?
    • Does Nightfall scan unstructured data?
    • Does Nightfall require data to be already tagged?
    • How do I learn more about and test out Nightfall?
    • Using Service Accounts with Nightfall
    • Which permissions are required for each integration?
    • Where can I find active user counts for each SaaS application protected by Nightfall?
    • In the Atlassian Marketplace, why does it show that the Nightfall app is not approved in security?
    • How can I estimate the data volume that Nightfall needs to scan?
    • How can I check the Platform Status of Nightfall
  • Login to Nightfall
  • Contact Nightfall
Powered by GitBook
On this page
  • Nightfall Events
  • Event Actions
  • Email Notifications
  • Viewing Notifications in GitHub
  • Enabling Notifications in GitHub

Was this helpful?

Export as PDF
  1. Nightfall for GitHub

Manage GitHub Events

Learn how to handle Nightfall Events that were created as a result of sensitive data leak in GitHub.

PreviousConfigure Risk Score for GitHubNextRemediation on Nightfall for Github

Last updated 2 months ago

Was this helpful?

When an end user violates a policy in GitHub, Events are generated in GitHub and you can view these Violations on the console.

GitHub integration implements across GitHub Events. Deduplication reduces the number of distinct Events created for a finding that is already accounted for by an active Event related to the same GitHub branch.

The following table summarises the treatment of a GitHub Event with Deduplication in action when the developer(s) push changes to a file in a GitHub branch.

State of existing Nightfall Violation
Developer Action on a file in GitHub repo
Automated actions due to Deduplication

No existing Event

Introduce sensitive data

New Event Created

Active Event not in a resolved state

Additional code with sensitive data pushed

  1. Increment finding(s) in the existing Event

  2. Create an Event with all the new findings

Active Event not in a resolved state

Code with sensitive findings redacted

  1. Number of findings in the existing Event updated

  2. If no finding remaining then the Event is marked resolved

Event is in a resolved state

Additional code with sensitive data pushed

New Event created

The following table summarises the treatment of a GitHub violation with Deduplication in action when the developer(s) clones/merges a GitHub branch.

State of existing Nightfall Event
Developer Action on a file in GitHub repo
Automated actions due to Deduplication

No existing Event

Branch Clone

No new Events

Active Event not in a resolved state

Branch Clone

  1. No new Events in the original branch

  2. No Events in the cloned branch

No existing Event

Merge Cloned Branch back or Delete Cloned Branch

No new Events

No existing Event

Merge Cloned Branch back or Delete Cloned Branch

  1. No new Events

  2. Existing Events from the Cloned Branch resolved

When an Event is automatically resolved by the GitHub Deduplication feature (as a result of sensitive data being removed from the concerned GitHub file/repo) the log section of the Event displays a Resolved automatically message as shown in the following image.

Nightfall Events

To view the on the Nightfall Console:

  1. Navigate to the Detection and Response from the left menu.

  2. (Optional) Modify the days filter to view Events prior to last 7 days. By default the Events recorded in the Last 7 Days are displayed.

  1. Apply filters to view only the GitHub Events.

  1. Click on any of the Events to view details of an Event. You may click anywhere in the row of an Event that you wish to inspect. Details will be present via a side panel.

The second section displays details that are source / integration specific and so the details vary from one integration to the other.

Event Actions

Nightfall allows you to take various action on Events. When you take an action on an Event, the status of the Event changes accordingly. To learn more about Event status, refer to the Event Status document.

In GitHub, you can take actions either from the Event list view page or the Event detail view page. On the Event list view page, you can click the ellipsis menu to view the available list of actions.

On the Event detail view, you can view the applicable actions from the actions section at the bottom.

To view the complete list of actions, applicable to all the integrations, you can refer to the Applying Actions on Events document.

The list of actions supported for GitHub are as follows. Some of these actions are common to other integrations as well.

  • Copy Event Link: The action copies the link to the Event. You can save or send this link to directly open the Event. This action is available only on the Event detail view.

  • View in GitHub: This action redirects to the relevant repository that contains the sensitive data in the source GitHub. While this action is available only on the Event detail view, please note that relevant access to the document in source GitHub repository should be present.

  • Download Original Content: This action downloads the original content that contains sensitive data. If the content is deleted or moved to a different location within GitHub, this action fails. This action is available only on the Event detail view.

  • Send to JIRA: This action creates a JIRA ticket for the Event. You can pick a project and Issue type while creating the JIRA ticket and can assign the JIRA ticket to the end-user

  • Acknowledge: You can take this action to notify other users that you have looked into this Event and will take suitable action in future.

  • Ignore: The ignore action flags Nightfall to ignore all the findings in the Event and may be taken if you find the findings false positive. This action marks the Event as resolved and moves it to the Resolved section. You can undo this action.

  • Notify Email: This action notifies the end user who added the sensitive data in GitHub about the event, through email.

  • Notify GitHub: This action notifies the end user who added the sensitive data in GitHub about the event, through GitHub. To learn more about how to check notifications in GitHub, see Viewing Notifications in GitHub.

  • Resolve: This action must be taken when the sensitive data is removed completely from the source file. This action resolves the Event.

Email Notifications

  • When a data leak occurs, GitHub sends an Email notification to end users, if end users have configured Email as a Notification method in their GitHub account.

The Email received from by Nightfall Admins and end-users (if configured), looks as follows.

Viewing Notifications in GitHub

If an end-user adds sensitive information in a feature branch and merges it with the main branch, Nightfall comments on this pull request.

If an end-user adds sensitive information in the main branch and commits it, Nightfall comments on this GitHub commit.

The Nightfall comment is created by nightfall-for-github bot.

Additionally, if end-users have configured GitHub to receive Notifications, they can also view the violation under the Notifications page. This Notification also tags the end-user.

To view the Violation message under GitHub notifications, end-users must execute the following steps.

  1. Click the GitHub Notifications icon.

  2. Select the Notification which has a tag (mention).

  3. Scroll down to view the Notification.

Enabling Notifications in GitHub

To view Notifications from within GitHub end-users must enable the GitHub notifications. The steps to enable GitHub notifications are as follows.

  1. Click on your GitHub account icon and select Settings.

  2. Click Notifications from the left pane.

  3. Under Subscriptions, enable GitHub notifications for the Participating, @mentions and custom section.

  4. Click Save.

Once you filter the Events to view only the GitHub Events, you can refer to the section to learn more about the available options.

The side panel (or the Event detail view) is divided into three separate sections. The first section has information about the occurrence of individual findings with a preview. The third section is an activity log for the Event. Both these sections reveal information that is common across all sources/integrations. You can refer to these common sections in the section.

Additionally, if Nightfall admins have configured Email Notification in , Nightfall admins receive the Email notification.

If Nightfall admins have configured Email Notification in the Automation section of settings, end users receive an email from Nightfall. This Email allows end users to take actions from within the Email.

If you have configured GitHub as a Notification in the Automation section of , end users can view the violation notification from within GitHub.

Open the file that triggered the violation. A comment is generated by Nightfall which also has the remediation options. The available options are based on the settings you configured in the Automation section of .

In the following image, the Nightfall comment has two options; Report as False Positive and Report as False Positive with Business Justification. These options are displayed because they were enabled in the section of the policy.

Admin Alerting
End user notification
End User Notification
End User Notification
End-User Remediation
Nightfall Event
Deduplication
Event List View
Event Detail View