Create Content Compliance Rule - Monitoring
Learn how to create a monitoring content compliance rule in Google Workspace.
The first content compliance rule is used to monitor all outgoing emails.
In the Nightfall UI, navigate to Integrations from the left navigation bar and click the Manage button for the Gmail integration.
All the headers and expressions required to create the compliance rules are available in the Installation section under Gmail settings as displayed in the image below. Keep this screen open to copy/paste the headers as you create the content compliance rules in Google Workspace. We will refer to this page as the Gmail settings page throughout the document.
The steps to create the content compliance rule are as follows.
Log in to your Google Workspace with an admin account.
Navigate to the admin console.
From the left menu, expand Apps > Google Workspace > Gmail.
Scroll down and click Compliance.
Scroll down to the Content Compliance section and click ADD ANOTHER RULE. (If you have not created any Compliance rule previously, the button might be displayed as CONFIGURE).
Enter a name for the compliance rule. For example, Nightfall DLP.
Select the Outbound and Internal - Sending check boxes in the Email messages to affect section.
In step 2 of the content compliance rule, select the If ALL of the following match the message option.
You need to add two expressions in step 2 of the content compliance rule. Click ADD.
In the Add setting dialog box, select the Advanced Content match option.
In the Location drop-down menu, select Sender header.
In the Match type drop-down menu, select Matches Regex.
Navigate to the Gmail settings page on the Nightfall UI, refer to the regular expression format defined under the Monitoring Content Compliance Rule section, and create a regular expression that matches your organization name.
In the Regexp field, enter the regular expression to match your organization name.
Click SAVE.
You can now add a second expression in step 2 of the content compliance rule. Click Add.
Select Advanced content match in the drop-down menu.
In the Location drop-down menu, select Full headers.
In the Match type drop-down menu, select Not Contains text.
Navigate to the Gmail settings page on the Nightfall UI and copy the value from the Header field, located under the Full Header section.
Return to the Google Admin Workspace window and paste the copied value in the Content field.
Click SAVE.
The condition expression is created as follows. This expression ensures that all the emails that are not yet scanned by Nightfall are scanned.
In step 3, select Modify message.
Under the Headers section, select the Add X-Gm-Original-To header check box.
Select the Add custom headers check box. The Custom headers section is displayed once you select this check box.
Click ADD under Custom headers to add a new custom header.
There are two fields: Header key and Header value.
Navigate to the Gmail settings page on the Nightfall UI and copy the value from the Authentication field, located under the Messaging Modification section.
Return to the Google Admin Workspace window and paste the copied value in the Header key field.
Navigate to the Gmail settings page on the Nightfall UI and copy the value from the Nightfall UUID field, located under the Messaging Modification section.
Return to the Google Admin Workspace window and paste the copied value in the Header value field.
Click SAVE.
Scroll down to the Envelope recipient section and select the Change envelope recipient check box. A Replace recipient radio button field is displayed.
Navigate to the Gmail settings page on the Nightfall UI and copy the value from the Change envelope recipient with field, located under the Messaging Modification section.
Return to the Google Admin Workspace window and paste the copied value in the Replace recipient field. This is the email address to which emails must be routed for scanning.
Scroll down to the Encryption (onward delivery only) section and select the Require secure transport (TLS) check box.
Click SAVE.
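The following added example (not part of the Nightfall documentation) models the step 2 conditions and the step 3 modifications so you can check a sender regex against sample messages before saving the rule. The regex, header names, UUID and recipient address are constructed placeholders, the From header is assumed to be what Sender header inspects, and Python's `re` module stands in for Google's regex engine.

```python
import re
from email import message_from_string

# Constructed placeholders: copy the real values from the Gmail settings page.
SENDER_REGEX = r"@example\.com>?\s*$"      # expression 1: Sender header, Matches Regex
SCANNED_MARKER = "X-Placeholder-Scanned"   # expression 2: Full headers, Not Contains text
AUTH_HEADER_KEY = "X-Placeholder-Auth"     # step 3: custom Header key
AUTH_HEADER_VALUE = "00000000-0000-0000-0000-000000000000"  # step 3: Header value
SCAN_RECIPIENT = "scan@placeholder.invalid"  # step 3: Replace recipient


def rule_matches(raw: str) -> bool:
    """Step 2: the rule fires only if ALL expressions match the message."""
    msg = message_from_string(raw)
    sender = msg.get("From", "")               # assumption: From is the sender header
    full_headers = raw.split("\n\n", 1)[0]     # header block only, never the body
    from_org = re.search(SENDER_REGEX, sender) is not None
    not_yet_scanned = SCANNED_MARKER not in full_headers  # assumed plain substring test
    return from_org and not_yet_scanned


def apply_rule(raw: str, envelope_to: str):
    """Step 3: return (message, envelope recipient) after the rule is evaluated."""
    if not rule_matches(raw):
        return raw, envelope_to                # delivered unchanged
    added = (f"X-Gm-Original-To: {envelope_to}\n"
             f"{AUTH_HEADER_KEY}: {AUTH_HEADER_VALUE}\n")
    return added + raw, SCAN_RECIPIENT         # rerouted for scanning


def sample(sender: str, extra_header: str = "", body: str = "body text") -> str:
    """Build a constructed test message."""
    return (f"From: {sender}\nTo: partner@example.net\n{extra_header}"
            f"Subject: Q3 report\n\n{body}\n")


if __name__ == "__main__":
    cases = {
        "unscanned, from org": sample("Alice <alice@example.com>"),
        "already scanned": sample("Alice <alice@example.com>",
                                  f"{SCANNED_MARKER}: true\n"),
        "external sender": sample("Bob <bob@example.org>"),
        "lookalike domain": sample("Eve <eve@example.com.evil.invalid>"),
    }
    for name, raw in cases.items():
        print(f"{name}: routed to {apply_rule(raw, 'partner@example.net')[1]}")
```

The lookalike case is rejected only because the placeholder regex is anchored at the end of the header; an unanchored pattern would also match `example.com.evil.invalid`.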