Managing Gmail Violations
When an end user violates a policy in Gmail by sending out an Email with sensitive data, a notification is generated based on the notification settings configured by you in the policy configurations.
This document explains where you can find notifications on policy violations and what actions can be taken.
Nightfall Violations Page
To view the Nightfall violations page:
Navigate to the Violations page in Nightfall.
Apply filters to view only Gmail violations.
(Optional) To view historic alerts, set the date filter appropriately.
(Optional) Hover over a violation to view the severity of the violation (Likely, Very Likely). You can also check if a violation has active credentials.
Click on any Violation to view the details.
Click on any violation to view the exact data that caused the violation (highlighted in red). You can click Expand details to view further details.
Some of the important points from the detailed view are as follows (the numbers in the image are acronyms explained below).
1 - The sensitive data findings that were found in the Email. One finding was Highly Likely (highlighted in red) and the other was Likely (highlighted in yellow).
2 - The current status of the Violation. The various statuses for Gmail are as follows.
Blocked - The email was blocked.
Quarantined Email- The email has been quarantined.
Released Email - The email was delivered to the user even after it had sensitive data.
Attachment Deleted - The email was sent but the attachment was deleted since it contained sensitive data.
Processing - Nightfall is assessing the Email for sensitive data.
3- The nature of sensitive data found in the Email (API key in this case).
For more information on Violations, see Violations.
Email Notifications
If you have configured Email Notification in Admin Alerting, Nightfall admins receive the Email notification. This Email allows admins to take actions from within the Email.
If you have configured Email Notification in the Automation section of End user notification settings, end users receive an email from Nightfall. This notification allows end users to take remedial actions from within the Email. The available remedial actions depend on the settings configured in the end-user remediation section.
Last updated