Configure Scope for Gmail

Learn how to configure the Scope section for Gmail.

Last updated 7 months ago

The Gmail Scope configuration page allows you to set filters to perform the following tasks.

  • Monitor or Exclude Monitoring of Emails sent by Specific Users and Groups: You can set up the Gmail scope to monitor only the required emails that were sent by either specific users or from a user group ID. Similarly, you can also choose to exclude certain user and group mail IDs from being monitored.

  • Monitor or Exclude Monitoring of Emails sent to Specific Recipients and Domains: You can choose specific email IDs that you wish to monitor or skip monitoring.

The Scope section is divided into the following two sub-sections.

  • Senders: Select this option if you wish to monitor or exclude monitoring of outgoing mails from specific users or user groups.

  • Recipients: Select this option to monitor or exclude monitoring of emails sent to specific recipients. The recipients can be a user or a user group. Additionally, you can also choose to exclude an entire domain. All the emails sent to the mail IDs of the excluded domain(s) are not monitored by Nightfall.

Key principles and Priority Order in Which Filters are Evaluated

Key Principles:

  • Exclusions are evaluated before inclusions

  • Recipient filters are validated before the sender filters

  • User-level filters take priority over group-level filters

  • Domain-level filters, for recipients, have the highest priority

  • If no filters match, the default action is to scan the email

Priority order for filters

Important

The following list represents both the order and priority in which filters are evaluated when multiple filters are configured in a policy. Filters higher on the list take precedence over those lower down.

  1. Recipient Domain Exclusions

  2. Recipient Domain Inclusions

  3. Recipient User Exclusions

  4. Sender User Exclusions

  5. Sender Group Exclusions

  6. Recipient User Inclusions

  7. Sender User Inclusions

  8. Sender Group Inclusions

  9. Default to scan all emails, if no other filters apply
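
The priority order above, combined with the rule from this page's notes that recipient exclusions need ALL recipients to match while inclusions need ANY, modelled as an added example (not Nightfall's code). The `Email` and `Scope` types, their field names and the `evaluate` function are hypothetical; the sample message is the one from this page's example scenario.

```python
from dataclasses import dataclass, field


@dataclass
class Email:
    sender: str
    recipients: list
    sender_groups: set = field(default_factory=set)  # directory groups of the sender


@dataclass
class Scope:
    # One set per filter on the page; an empty set means "filter not configured".
    # Assumption: addresses and domains are stored lowercase, groups as named.
    rcpt_domain_excl: set = field(default_factory=set)
    rcpt_domain_incl: set = field(default_factory=set)
    rcpt_user_excl: set = field(default_factory=set)
    sender_user_excl: set = field(default_factory=set)
    sender_group_excl: set = field(default_factory=set)
    rcpt_user_incl: set = field(default_factory=set)
    sender_user_incl: set = field(default_factory=set)
    sender_group_incl: set = field(default_factory=set)


def evaluate(email, scope):
    """Return (scan, deciding_filter) following the page's priority order."""
    rcpts = [r.lower() for r in email.recipients]
    domains = [r.rsplit("@", 1)[-1] for r in rcpts]
    sender = email.sender.lower()
    groups = email.sender_groups

    def all_in(values, allowed):  # exclusions: EVERY recipient must match
        return bool(values) and all(v in allowed for v in values)

    def any_in(values, allowed):  # inclusions: ONE matching recipient is enough
        return any(v in allowed for v in values)

    # (filter name, did it match?, scan decision), highest priority first
    checks = [
        ("Recipient Domain Exclusions", all_in(domains, scope.rcpt_domain_excl), False),
        ("Recipient Domain Inclusions", any_in(domains, scope.rcpt_domain_incl), True),
        ("Recipient User Exclusions", all_in(rcpts, scope.rcpt_user_excl), False),
        ("Sender User Exclusions", sender in scope.sender_user_excl, False),
        ("Sender Group Exclusions", bool(groups & scope.sender_group_excl), False),
        ("Recipient User Inclusions", any_in(rcpts, scope.rcpt_user_incl), True),
        ("Sender User Inclusions", sender in scope.sender_user_incl, True),
        ("Sender Group Inclusions", bool(groups & scope.sender_group_incl), True),
    ]
    for name, matched, scan in checks:
        if matched:  # the first matching filter decides
            return scan, name
    return True, "Default"  # no filter matched: scan the email


# The email from the page's example scenario; "Marketing" membership is taken
# from the scenario's "marketing team member".
SCENARIO = Email(
    sender="sender@company.com",
    recipients=["team@company.com", "ceo@company.com", "contact@external-partner.com"],
    sender_groups={"Marketing"},
)

if __name__ == "__main__":
    # Two filters that disagree: the recipient domain inclusion outranks the
    # sender exclusion, so the email is still scanned.
    conflicting = Scope(rcpt_domain_incl={"external-partner.com"},
                        sender_user_excl={"sender@company.com"})
    print(evaluate(SCENARIO, conflicting))
    # A partial recipient match does not satisfy an exclusion.
    print(evaluate(SCENARIO, Scope(rcpt_domain_excl={"external-partner.com"})))
```

Running candidate filter sets through a model like this before saving a policy shows which messages would be left unscanned, in particular mail addressed only to an excluded domain.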

Now, let's take a look at an example scenario to describe the behavior.

Example Scenario:

A marketing team member (sender@company.com) sends an email to:

  • team@company.com

  • ceo@company.com

  • contact@external-partner.com

Let's examine how different filter configurations would affect this email:

  1. Recipient Domain Exclusions:

    • If configured: external-partner.com is excluded

    • Result: Email will still be scanned because not all recipients are in the excluded domain.

  2. Recipient Domain Inclusions:

    • If configured: external-partner.com is included

    • Result: Email will be scanned because one of the recipient domains is included.

  3. Recipient User Exclusions:

    • If configured: ceo@company.com is excluded

    • Result: Email will still be scanned because not all recipients are excluded.

  4. Sender User Exclusions:

    • If configured: sender@company.com is excluded

    • Result: Email won't be scanned, regardless of recipients.

  5. Sender Group Exclusions:

    • If configured: Marketing group is excluded

    • Result: Email won't be scanned if sender is in the Marketing group.

  6. Recipient User Inclusions:

    • If configured: team@company.com is included

    • Result: Email will be scanned because at least one recipient is included.

  7. Sender User Inclusions:

    • If configured: sender@company.com is included

    • Result: Email will be scanned due to sender inclusion.

  8. Sender Group Inclusions:

    • If configured: Marketing group is included

    • Result: Email will be scanned if sender is in the Marketing group.

  9. Default to scan all emails:

    • If no other filters apply, the email will be scanned.

Notes:

  • The first matching filter as per the priority listed above determines if the email is scanned.

  • For recipient-based filters, ALL recipients must match for exclusions, but ANY match triggers inclusions such that the email is scanned.

This priority order ensures that the most specific and restrictive rules are applied first, allowing for precise control over email scanning while maintaining a clear hierarchy for conflict resolution when multiple filters are in place.

Configuring Senders

The Senders section is used to configure specific email IDs that must be monitored or excluded from monitoring. The mail IDs of individual users and user group mail IDs can be configured.

To configure the Sender section, you must select the Sender option by clicking the Add Filter drop-down menu.

Once you select the Sender option, you can configure Users and User groups.

Users Configuration

  • Monitor all: Select this option to monitor all the emails sent by users whose data was synced from an IdP through the Directory Sync feature.

  • Monitor specific: Select this filter to monitor all the emails being sent by specific user(s). Once you select this option, you must also select specific user(s) from the search bar. Nightfall populates the name and email IDs of all the users whose data was synced from an IdP through the Directory Sync feature. You must select the required users' mail IDs. All the emails sent by selected users are monitored by Nightfall for sensitive data.

  • Monitor all, except: Select this filter to exclude user(s). Emails sent by the excluded users are not monitored by the policy. Once you select this option, you must also select specific user(s) from the search bar. Nightfall populates the name and email IDs of all the users whose data was synced from an IdP through the Directory Sync feature. You must select the required user groups. The emails sent by selected users are not monitored by Nightfall.

User Groups Configuration

  • Monitor all: Select this option to monitor all the emails sent by users whose data was synced from an IdP through the Directory Sync feature.

  • Monitor specific: Select this option to monitor all the emails being sent from specific user group mail IDs. Nightfall populates the name and email IDs of all the user groups whose data was synced from an IdP through the Directory Sync feature. You must select the required user group mail IDs. All the emails sent from the selected user group mail IDs are monitored by Nightfall for sensitive data.

  • Monitor all, except: Select this option to exclude user group(s). Emails sent from the excluded user group mail IDs are not monitored by the policy. Once you select this option, you must also select specific user group(s) from the search bar. Nightfall populates the name and email IDs of all the user groups whose data was synced from an IdP through the Directory Sync feature. You must select the required user groups. The emails sent from the selected user group mail IDs are not monitored by Nightfall.

Configuring Recipients and Domains

The Recipients and Domains section allows you to monitor or exclude monitoring of emails sent to specific recipients. Additionally, you can also exclude monitoring of an entire domain.

You can perform the following operations on the recipients section:

  • Monitor emails sent to specific recipients. Recipients can be internal/external or users/user groups.

  • Exclude monitoring of emails sent to specific recipients. Recipients can be internal/external or users/user groups.

  • Include or exclude monitoring of all the mails sent to the email IDs of a specific domain.

To configure the Recipient section, you must select the Recipients option by clicking the Add Filter drop-down menu.

Once you select the Recipient option, you must configure the internal and external Recipients, and the Domains sections.

Internal Recipients

  • Only Include: Select this option to monitor emails sent to specific recipient email IDs which are generally part of your organization. The email IDs can belong to a user or a user group. Once you select this option, you must also select specific users or group(s) from the search bar. Nightfall populates the name and email IDs of all the users and user groups whose data was synced from an IdP through the Directory Sync feature. You must select the required user(s) and user group(s). All the emails sent to the selected user or user group email IDs are monitored by Nightfall for sensitive data.

  • Exclude: Select this option to exclude the monitoring of emails sent to specific recipient email IDs. The email IDs can belong to a user or a user group. Once you select this option, you must also select specific users or group(s) from the search bar. Nightfall populates the name and email IDs of all the users and user groups whose data was synced from an IdP through the Directory Sync feature. You must select the required user(s) and user group(s). All the emails sent to the selected user or user group email IDs are not monitored by Nightfall for sensitive data.

External Recipients

  • Only Include: Select this option to monitor emails sent to specific external recipient email IDs. The email IDs can belong to a user or a user group. Once you select this option, you must also enter the email ID of users or group(s) and press the Enter key. All the emails sent to the external user or user group email IDs are monitored by Nightfall for sensitive data.

  • Exclude: Select this option to exclude the monitoring of emails sent to specific external recipient email IDs. The email IDs can belong to a user or a user group. Once you select this option, you must also enter the email ID of users or group(s) and press the Enter key. All the emails sent to the external user or user group email IDs are not monitored by Nightfall for sensitive data.

Domains

The Domains section allows you to include or exclude an entire domain from being monitored. All the emails sent to the email IDs of the excluded domain are not monitored by Nightfall. Similarly, all the emails sent to the email IDs of the included domain are monitored by Nightfall.

  • Only Include: Select this option to monitor emails sent to specific domain(s). All the email IDs which belong to the included domain(s) are monitored by Nightfall. Once you select this option, you must also enter the domain name (for example, contoso.com) and press the Enter key. All the emails sent to email ID(s) that belong to the selected domain(s) are monitored by Nightfall for sensitive data.

  • Exclude: Select this option to exclude the monitoring of emails sent to specific domain(s). All the email IDs which belong to the excluded domain(s) are not monitored by Nightfall. Once you select this option, you must also enter the domain name (for example, contoso.com) and press the Enter key. All the emails sent to email ID(s) that belong to the excluded domain(s) are not monitored by Nightfall for sensitive data.