Encryption Events Page

The Encryption events page displays all the encryption events registered by Gmail. An event is triggered when an encryption policy is violated. To learn more about configuring encryption policies, refer to the Creating Policies for Encryption document.

Important

An encryption event is generated only when both of the following conditions are met.

Nightfall admin creates one or more encryption policies.
An end-user (who matches the scope for at least one of the policies) sends an email with encryption enabled.

To navigate to the encryption events page in Nightfall, click Data Encryption from the left menu.

Once you land on the Encryption page, Nightfall displays the encryption events for the last 7 days. You can view that the date filter also displays Last 7 Days.

To view the historic encryption events, click the date filter, set the required time period and click Apply.

Events Columns

The encryption events page consists of the following columns.

Column Name	Description
Name	The subject line of the email that triggered the event. If the email was sent without a subject, this column name will also remain blank.
Source	The email ID from which the email was sent.
Destination	The email ID(s) to which the email was sent.
When	The time elapsed since the email was sent.
Status	The current status of the email. The status depends on the taken on the email. The status is automatically updated in another case too. If a Nightfall admin takes an action from Email or Slack , the status is automatically updated.

Column Name

Description

Name

The subject line of the email that triggered the event. If the email was sent without a subject, this column name will also remain blank.

Source

The email ID from which the email was sent.

Destination

The email ID(s) to which the email was sent.

When

The time elapsed since the email was sent.

Status

The current status of the email. The status depends on the taken on the email. The status is automatically updated in another case too. If a Nightfall admin takes an action from Email or Slack , the status is automatically updated.

Searching Events

The Events encryption page provides a search bar. You can use the search operators to search a specific event. Nightfall provides multiple operators to search. When you click the search bar, five operators are displayed. You can click the View all operators button to view all the available search operators.

For example, you can use the user_email search operator to search for events that were generated as a result of emails sent by a specific sender. In the following image the user_email operator is used to search for events generated by a user whose mail ID is max@starwoodhealth.com.

The complete list of search operators provided by Nightfall are as follows.

General Operators

Integration_name

This operator allows you to search events that belong to a specific integration. For example Gmail.

User_name

This operator allows you to search events based on the user name of the sender.

state

This operator allows you to search events based on their status.

user_email

This operator allows you to search events that were generated as a result of emails sent from a specific email ID.

Gmail Operators

gmail.bcc

This operator allows you to search events that were generated as a result of emails sent by including a specific mail ID in the BCC field.

gmail.from

This operator allows you to search events that were generated as a result of emails sent from a specific email ID.

gmail.to

This operator allows you to search events that were generated as a result of emails sent to a specific email ID.

gmail.cc

This operator allows you to search events that were generated as a result of emails sent by including a specific mail ID in the CC field.

gmail.subject

This operator allows you to search events that were generated as a result of emails sent by including a specific subject in the Subject field of the email.

gmail.user_name

This operator allows you to search events based on the gmail user name of the sender.

Actions

The actions menu allows you to take appropriate actions on the events. When you initiate an action on an event, the status of the event changes accordingly. For instance, if you apply the encrypt action, the email that triggered the event is encrypted and the status of the event changes to Encrypted.

You can apply an action from the ellipsis menu on the Events page

Alternatively, you can also apply an action from the Event Detail View page.

The actions that you can perform on an encryption Event are as follows.

Set Expiration

This action allows you to set an expiration date for the email Recipients cannot view the email after the set expiration period. If an expiration period is already set by the end-user or through automated actions, you can still override the expiration period and set a new expiration period.

Disable Forward

This action disables the recipient's ability to forward emails.

Persistent Protection

This action prevents end-users from downloading any attachments or copying the contents of the attachments.

Resolve

This action resolves the Event. You must apply this action when a suitable remediation action has been implemented.

Event Detail View

The Event detail view page displays various details of a specific event. You must click the required event to open the detail view window. The Event detail view displays the following details.

Field Name	Details
Send Date	The date and time when the Email was sent.
Subject	The subject of the Email. If no subject was added, this field is blank.
From	The email ID of the user who sent the Email.
To	The email ID(s) of the recipients.
Cc	The email ID(s) of the users who were included in the Cc field. If no user was added to the Cc field, this field displays n/a.
Bcc	The email Id(s) of the users who were included in the Bcc field. f no user was added to the Bcc field, this field displays n/a.
Attachments	The name of the attachments added to the email. If no attachments were added to the email, this field displays n/a.
Disable Forwarding	This field displays No if Email forwarding is disabled. If Email forwarding is enabled, it displays Yes.
Persistence Protection	This field displays No if Persistence protection is disabled. If Persistence protection is enabled, it displays Yes.
Expiration Time	If expiration is set, the expiration date and time is displayed. If expiration is not set, this field displays a hyphen.
Revoke all recipients	This field displays No if access is not revoked for all the users.
Revoke Emails List	This field displays the email ID(s) of the users to whom the access is revoked. This field displays n/a if access is not revoked for any of the users.
Unrevoke Emails List	This field displays the email ID(s) of the users to whom the access is restored after being revoked previously. This field displays n/a if access is not restored for any of the users.

Field Name

Details

Send Date

The date and time when the Email was sent.

Subject

The subject of the Email. If no subject was added, this field is blank.

From

The email ID of the user who sent the Email.

The email ID(s) of the recipients.

The email ID(s) of the users who were included in the Cc field. If no user was added to the Cc field, this field displays n/a.

Bcc

The email Id(s) of the users who were included in the Bcc field. f no user was added to the Bcc field, this field displays n/a.

Attachments

The name of the attachments added to the email. If no attachments were added to the email, this field displays n/a.

Disable Forwarding

This field displays No if Email forwarding is disabled. If Email forwarding is enabled, it displays Yes.

Persistence Protection

This field displays No if Persistence protection is disabled. If Persistence protection is enabled, it displays Yes.

Expiration Time

If expiration is set, the expiration date and time is displayed. If expiration is not set, this field displays a hyphen.

Revoke all recipients

This field displays No if access is not revoked for all the users.

Revoke Emails List

This field displays the email ID(s) of the users to whom the access is revoked. This field displays n/a if access is not revoked for any of the users.

Unrevoke Emails List

This field displays the email ID(s) of the users to whom the access is restored after being revoked previously. This field displays n/a if access is not restored for any of the users.

Encryption Event History

The event history section is a log book for the Events. It displays the series of actions that were taken. By default, the first log message recorded is the Event creation and the second log message displays that the email was encrypted by the sender.

Once the recipient decrypts the Email and view it, a new log message is displayed as follows.

As you perform various actions on the Email or the Event, the log message is recorded for each action as follows.

At the end of the event section, Nightfall provides a text box. You can add comments in the text box and save them for future use. You can add a maximum of 300 characters in the text box.

PreviousNightfall Encryption - Recipient Experience

Last updated 5 days ago