When a Violation is registered, a Nightfall admin can take suitable action on the registered violation. The action(s) performed on a Violation ensures that the prevention of sensitive data leakage. Nightfall provides a set of actions that the Nightfall admin can implement. The actions vary for each integration. You can implement an action on a Violation from the Violation list view of Violation detail view.

When a new violation is registered, by default, the Violation is assigned the Active status and you can find it under the Active tab. The Pending tab displays the list of violations on which you have taken some action but have not yet resolved them. The Resolved tab displays the list of violations that have been resolved.

You can apply an action on a Violation either from the Violation list view page or the Violation details page, as displayed in the following image.

Violations Actions

The list of Actions provided by Nightfall are as follows.

Ignore

This action moves the violation to the Ignored tab. For Google Drive, you can choose to Ignore multiple existing Violations or future violations simultaneously. To learn more about the Ignore all feature in Google Drive, see Managing Google Drive Violations (step 5).

Acknowledge

Acknowledge action sends an email alert about the policy violation to the email account associated with your login.

Notify

This action allows you to notify end users about the violation. The notification can be via Slack, Email or MS Teams (varies for each integration)

Send to JIRA

This action allows you to select a JIRA project and create a ticket for this violation.

Redact

This action redacts the sensitive data found.

Quarantine

This action temporarily moves files or sensitive data from the original place in which it was discovered to a quarantined Nightfall space for further review. You can restore the quarantined items or permanently remove them by approving or rejecting them through Nightfall alerts.

Change Link Settings

This action modifies the link setting to anyone signed in to an account in your organization to use the link to your file.

Disable Download

This action applies to Google Drive integration and disables download, print, and copy actions for Commenter and Viewer roles. Editor roles will retain all actions.

Delete Attachment

This action deletes the attachment with sensitive tokens in a ticket comment (public replies and internal notes). You cannot revert this action.

Mark as Private

This action modifies the permissions of a ticket comment from a public reply to an internal note. Converting to an internal note means the ticket comment will no longer be visible to the end user. This action is permanent.

Remove Access

This action removes the page from the web and/or removes guest access to the page. This action is active when it applies to the page at the time of the violation

Notify GitHub

This action is specific to the GitHub integration and sends a notification to GitHub about the violation.

Resolve

This action marks the violation as resolved. You can revert this action.

Actions Supported for each Integration

The following table displays the list of all the Nightfall integrations and the Actions supported for each of these integrations.