Configure Scan Rule

The Scan rule is used to select emails for scanning. This rule adds a Nightfall header to all the emails that are to be scanned.

Important

It is mandatory for you to create the scan rule.

The Nightfall Gmail installation console consists of various settings as shown in the following image. The configuration of these settings is explained in this and the following documents.

Create Scan Rule

To create Scan rule:

  1. Login to your Google Workspace with an admin account.

  2. Click the menu icon.

  3. Select Admin.

  1. In the left menu, expand Apps and then expand Google Workspace.

  2. Click Gmail.

  1. Scroll down and click Compliance.

  1. Scroll down to the Content Compliance section and click ADD ANOTHER RULE. (If you have not created any Compliance rule previously, the button might be displayed as CONFIGURE).

  1. Enter a name for the compliance rule.

  2. Select Outbound and Internal - Sending checkboxes in the Email messages to affect section.

If you select only the Outbound check box, only those emails that are routed out of your organization to external domains are scanned. If you wish to scan internal emails which are sent between employees of your organization, you must select the Internal - Sending check box.

  1. Select the If ALL of the following match the message option.

  1. Click ADD.

  1. In the Add setting dialog box, select the Advanced Content match option.

  1. In the Location drop-down menu, select Sender header.

  1. In the Match type drop-down menu select Matches Regex.

  1. In the Regexp field, enter a regular expression to match your organization. For instance, if your organization name is Contoso.com, you can create the regular expression as .*@contoso\.com$

  2. Click Save.

Configure Compliance Rule

This sub-section helps you create a Compliance rule to monitor emails.

  1. Click Add.

  1. Select Advanced content match in the drop-down menu.

  1. In the Location drop-down menu, select Full headers.

  1. In the Match type drop-down menu select Not Contains text.

  1. In the Content field enter x-nightfall-scanned. x-nightfall-scanned is a header that is added to emails that Nightfall scans. This condition ensures that all unscanned emails go through the scanning process.

  2. Click SAVE.

The condition expression is created as follows. This expression ensures that all the emails that are not yet scanned by Nightfall pass the scanning process.

Create Rules to Route Emails for Scanning

You must now configure rules to route the email towards Nightfall for scanning.

  1. In stage 3, select Modify message.

  1. Under the Headers section, select the Add X-Gm-Original-To header check box.

  2. Under the Envelope recipient section, select the Change envelope recipient check box.

  1. In the Replace recipient field, enter dlp@secure.nightfall.ai. This is the email address to which emails must be routed for scanning.

Obtain Company UUID

The company UUID is required in the next section while adding custom headers.

To obtain Company UUID:

  1. Login to your Nightfall console.

  2. Click Gmail under MY INTEGRATIONS.

  1. Scroll down to the Messaging Modification section and copy the Nightfall UUID value.

Add Custom Headers

This sub-section helps you create custom headers.

  1. Select the Add custom headers check box.

  1. Click ADD.

There are two fields; Header key and Header value.

  1. In the Header key field enter x-nightfall-id

  2. In the Header value field, paste the Company UUID.

  1. Scroll down and select the Require secure transport (TLS) check box.

  2. Click Save.

PreviousConfigure Compliance RulesNextConfigure Quarantine Rule

Last updated