Advanced Settings

This stage allows you to select the notification channels that are used when a policy violation occurs. The notification alerts are sent at two levels.

Admin Alerting

This section allows you to send notifications to Nightfall users. The various alert methods are as follows. You must first turn on the toggle switch to use an alert method.

The alerts configured in this section are policy-level alerts. Policy-level alerts apply only to the policy on which they are configured. To configure an alert on all the OneDrive policies, you must configure alerts at the integration level. To learn more about how to configure integration-level policies for the OneDrive integration, read this document.

The steps to configure alert channels at the policy level are the same as for integration-level alerts. You can refer to this document for steps.

Automated Actions

Automated actions allow you to configure automated remediation actions when sensitive data is found in OneDrive. Nightfall supports the following automated actions for OneDrive DLP.

  • Restrict to Owner: This action suspends the current file permissions and restricts access to the file to its owner only.

  • Delete Document: This action permanently deletes the file from OneDrive.

  • Move to Recycle Bin: This action deletes the file from OneDrive. Users can recover the file from OneDrive's recycle bin.

To enable an automated action, you must turn on the respective toggle switch.

You can also set when an automated action is carried out. You can choose to implement the action immediately after discovering sensitive data or after some time has elapsed.

End-User Notifications

This section allows you to configure notifications to be sent to the end user whose actions triggered the violation.

Custom Message

Enter a custom message to be sent to the end user. This message is sent in an email. You can modify the default message provided by Nightfall or draft your own message. The total character length allowed is 1000 characters. You can also add hyperlinks in the custom message. The syntax is <link|text>. For example, to hyperlink www.nightfall.ai with the text Nightfall website, you must write <www.nightfall.ai|Nightfall website>.

Automation

The automation settings allow you to send notifications to end users. You can select one or both of the notification methods. You can select either Email, Teams, or Slack as an automated notification method to notify the end users. You must select the respective check box to use the notification method. You must first turn on the toggle switch to use this option.

End-User Remediations

End-user remediation (also known as Human Firewall) allows you to configure remediation measures that end users can take when a violation is detected on their OneDrive files. You must turn on the toggle switch to use this option. End users receive the remediation actions as an action item, either in an email, in the selected Slack channel, or as a Teams message. The available actions in that email depend upon the actions that you select in this section. The various available remediation actions for end users are as follows.

  • Delete File: This action permanently deletes the file from OneDrive. You can use this action here only if it is not enabled in Automated Actions.

  • Move to Recycle Bin: This action deletes the file from OneDrive. Users can recover the file from OneDrive's recycle bin. You can use this action here only if it is not enabled in Automated Actions.

  • Restrict to Owner: This action suspends the current file permissions and restricts access to the file to its owner only. You can use this action here only if it is not enabled in Automated Actions.

  • Report as False Positive with Business Justification: This action allows end users to report false positive alerts and provide a business justification as to why the alert is considered to be a false positive.

  • Report as False Positive: This action allows end users to report false positive alerts.

When end users report alerts as false positives, you can choose the resolution method to be either automatic or manual.

If end users do not take any remediation action, you can set the frequency at which they must receive the notifications to take action.
