# Create Content Compliance Rule - Monitoring

{% hint style="info" %}
This document applies only to new customers who are setting up Gmail DLP for the first time. If you are an existing customer and have set up Gmail DLP previously, refer to [this documentation](https://help.nightfall.ai/gmail/installation/content_compliance_rules/monitroring-1).
{% endhint %}

The first content compliance rule is used to monitor all outgoing emails.

{% hint style="info" %}
**Important**

It is mandatory for you to create this rule to monitor outgoing emails for sensitive data.
{% endhint %}

## Summary

1. [Setup Host and Route](#step-1-setup-host-and-route)
2. [Setup "Email Messages to Affect"](#step-2-setup-email-messages-to-affect)
3. [Add the Regex Expressions](#step-3-add-expressions)
4. [Modify Message and Add Custom Headers](#step-4-modify-message-and-add-custom-headers)

## Prerequisites

In the Nightfall UI, navigate to **Integrations** > click the **Manage** button for the Gmail integration.

<figure><img src="/files/MLIwEdUc1l0MTyrbsM0q" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
All Compliance Rule headers and expressions are available in **Gmail** (Manage) > **Installation**.

Keep this screen open to copy/paste the headers and expressions into Gmail throughout the process.
{% endhint %}

<figure><img src="/files/kzOHnHGGfHX3cHvM36yK" alt=""><figcaption></figcaption></figure>

## Content Compliance

### Step 1: Setup Host and Route

The steps to create a content compliance rule are as follows.

1. Log in to Google Workspace with an admin account > navigate to the [**Admin**](https://admin.google.com/u/2/ac/home?hl=en) console.
2. From the left menu, go to **Apps** > **Google Workspace** > **Gmail** > [**Hosts**](https://admin.google.com/u/2/ac/apps/gmail/hosts?utm_source=app_launcher) > click **ADD ROUTE**.

<div data-with-frame="true"><figure><img src="/files/OuKra9nLNjioTqBVULsO" alt="" width="563"><figcaption></figcaption></figure></div>

5. **Name:** (Anything)
6. **Host Name**: `2r2xfv8u7uz5.fips.qbns.mail-manager-smtp.amazonaws.com`
7. **Port**: 25
8. Click **Save**.

<div data-with-frame="true"><figure><img src="/files/0wT3kvFtAgUfYfnnUwDh" alt="" width="563"><figcaption></figcaption></figure></div>

### Step 2: Setup "Email Messages to Affect"

1. Under **Settings for Gmail**, scroll down and click [**Compliance**](https://admin.google.com/u/2/ac/apps/gmail/compliance?utm_source=app_launcher).

{% hint style="info" %}
The list of Organization Units (OUs) is visible on the left of the screen (see image below).

You can configure the compliance rules and routing rules directly on your production OU (the OU at the topmost level) by selecting it.

**NOTE**: Nightfall recommends initially configuring the rules on a subset OU (one of the nested OUs) for testing/monitoring purposes. Once the configuration is working as expected on the nested OU, you can configure the compliance rules on the production OU.
{% endhint %}

<div data-with-frame="true"><figure><img src="/files/0vge45WXBMBF6pvqxn7D" alt="" width="563"><figcaption></figcaption></figure></div>

2. Navigate to **Content Compliance** > click **ADD ANOTHER RULE**.\
   \
   NOTE: If you have not created any Compliance rule previously, the button might be displayed as **CONFIGURE**.

<div data-with-frame="true"><figure><img src="/files/tmPbq6d1793VbK7EiR1l" alt="" width="563"><figcaption></figcaption></figure></div>

3. Enter a name for the compliance rule, such as "Nightfall DLP".
4. Navigate to **Email messages to affect:**
   1. Select **Outbound**
   2. Select **Internal - Sending**

<div data-with-frame="true"><figure><img src="/files/JvU1m4dswWt1SrkpMPiL" alt="" width="563"><figcaption></figcaption></figure></div>

{% hint style="info" %}
If you select only the **Outbound** check box, only emails that are routed out of your organization to external domains are scanned. If you wish to scan internal emails (emails that are sent between the employees of your organization), you must also select the **Internal - Sending** check box.
{% endhint %}

### Step 3: Add Expressions

1. In step 2 of the content compliance rule, select:
   * **If ALL of the following match the message**
2. Add two expressions in step 2 of the content compliance rule. Click **ADD**.

<div data-with-frame="true"><figure><img src="/files/x1cvcmXoxLnSoC935iKK" alt="" width="563"><figcaption></figcaption></figure></div>

3. Set the following settings within the "Add setting" dialog box:
   1. Change **Simple Content Match** to **Advanced Content match**.
   2. **Location**: Select **Sender header**
   3. **Match** **type**: Select **Matches Regex**
   4. **Regexp**: Copy from [Nightfall Gmail](https://app.nightfall.ai/gmail) > **Monitoring Content Compliance Rule** header:
      1. For a single domain:
         * `.*@<your-domain>\.<suffix>$`
      2. For more than one domain:
         * `(.*@<your-domain>\.<suffix>$|.*@<your-domain>\.<suffix>$)`
   5. **Regexp:** Adjust the regular expression to match your organization name.\
      See example below.

{% hint style="info" %}
For example, if your organization name is Contoso.com, you can create the regular expression as `.*@contoso\.com$`

If you use multiple domains to send emails from your organization and you need to scan outgoing emails from all of those domains for sensitive data, you can use a regular expression that specifies multiple domains, as illustrated in the installation instructions in the Nightfall console. For example, `(.*@domain-name.extension$|.*@domain-name.extension$)`
{% endhint %}

7. Click **SAVE**.

<div data-with-frame="true"><figure><img src="/files/9XqyFbVqPZJpV8oRNQhe" alt="" width="563"><figcaption></figcaption></figure></div>

9. Add a second Expression under the same area by clicking **Add**.
   1. Change **Simple Content Match** to **Advanced Content match**.
   2. **Location:** Select **Full headers**
   3. **Match** **type:** Select **Not Contains text**
   4. **Content**: From [Nightfall Gmail](https://app.nightfall.ai/gmail) > Full Header > copy/paste the **Header** field:
      * "x-nightfall-scanned"
10. Click **SAVE**.

<div data-with-frame="true"><figure><img src="/files/VM6dFfRTTMc3QYO6Y0hT" alt="" width="563"><figcaption></figcaption></figure></div>

{% hint style="info" %}
The condition expression is created as follows. This expression ensures that all the emails that are not yet scanned by Nightfall are scanned.
{% endhint %}

<div data-with-frame="true"><figure><img src="/files/hQdovkUMUQDBqbiOrgEt" alt="" width="563"><figcaption></figcaption></figure></div>
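
The two expressions can be checked offline before they are pasted into the Admin console. The following is an added example, not Nightfall's or Google's code: it assumes the regex is tested against the address in the From header and that "Not contains text" behaves as a case-insensitive substring check. `example.com`, `example.org`, the header value and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-ins for <your-domain>.<suffix>.
SINGLE = r".*@example\.com$"
MULTI = r"(.*@example\.com$|.*@example\.org$)"
LOOSE = r".*@example.com"  # unescaped dot, no $ anchor: matches more than intended
SCANNED_HEADER = "x-nightfall-scanned"  # text used in the second expression


def rule_matches(raw_message: str, sender_regex: str) -> bool:
    """True when both expressions hold ("If ALL of the following match")."""
    msg = message_from_string(raw_message)
    # Expression 1: sender header matches the regex (assumed: From address).
    sender = parseaddr(msg.get("From", ""))[1]
    sender_ok = re.search(sender_regex, sender, re.IGNORECASE) is not None
    # Expression 2: full headers do not contain the marker text.
    header_block = "\n".join(f"{k}: {v}" for k, v in msg.items()).lower()
    return sender_ok and SCANNED_HEADER not in header_block


def make(from_addr: str, extra: str = "") -> str:
    """Build a minimal constructed message with optional extra header lines."""
    return f"From: {from_addr}\nTo: bob@partner.test\nSubject: q3\n{extra}\nbody\n"


SAMPLES = {
    "internal": make("Alice <alice@example.com>"),
    "second_domain": make("carol@example.org"),
    "lookalike_suffix": make("erin@example.com.other.test"),
    "lookalike_dot": make("dave@exampleXcom"),
    # Already carries the marker, so it must not be routed a second time.
    "already_scanned": make("alice@example.com", "X-Nightfall-Scanned: true\n"),
}


def evaluate(sender_regex: str) -> dict:
    return {name: rule_matches(raw, sender_regex) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for label, rx in (("single", SINGLE), ("multi", MULTI), ("loose", LOOSE)):
        print(label, evaluate(rx))
```

The `loose` row shows why the escaped dot and the trailing `$` in the Nightfall-provided expression should be kept when substituting your own domain.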

### Step 4: Modify Message and Add Custom Headers

1. In step 3, select **Modify message**.
2. Under the **Headers** section, select the **Add X-Gm-Original-To header** check box.
3. Select the **Add custom headers** check box. The **Custom headers** section is displayed once you select this check box.
4. Click **ADD** under **Custom headers** to add a new custom header.

<div data-with-frame="true"><figure><img src="/files/xE5n0vYnPkpmpiXOL5Ut" alt="" width="563"><figcaption></figcaption></figure></div>

There are two fields: **Header key** and **Header value**.

<div data-with-frame="true"><figure><img src="/files/KsRo87wVaJErDilu3Wmk" alt="" width="563"><figcaption></figcaption></figure></div>

5. From the other tab for the Nightfall Console for [Nightfall Gmail](https://app.nightfall.ai/gmail), copy/paste:
   1. Messaging Modification: **Authentication** field value > paste into **Header Key**
   2. Messaging Modification: **Nightfall UUID** field value > paste into **Header value**
6. Click **SAVE**.

<div data-with-frame="true"><figure><img src="/files/wYbSUGW9NBM5WiEC9gnT" alt="" width="563"><figcaption></figcaption></figure></div>

10. Scroll down to the **Route** section.
    1. Select **Change Route**.
    2. Click the dropdown.
    3. Select the routing rule created in the [Content Compliance Rule](https://help.nightfall.ai/gmail/installation/content_compliance_rules/monitroring#content-compliance-rule) section (step 5).

       <div data-with-frame="true"><img src="https://help.nightfall.ai/~gitbook/image?url=https%3A%2F%2F2214688951-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-Mg3wgFIu8T7XAT1u-f_%252Fuploads%252FEOyLX9unh6XYLlMn4Qok%252Fimage.png%3Falt%3Dmedia%26token%3D34f524a1-9284-40fe-ba4f-3be474334665&#x26;width=768&#x26;dpr=3&#x26;quality=100&#x26;sign=51acc659&#x26;sv=2" alt="" width="563"></div>

11. Scroll to the **Encryption (onward delivery only)** section.
    * Select **Require secure transport (TLS)**.

12. Click **SAVE**.

<div data-with-frame="true"><figure><img src="/files/95J7W8eTkSR08AYEWlpr" alt="" width="563"><figcaption></figcaption></figure></div>


