With Google Drive, you can configure to remediate sensitive content, or may alert the end user to take remediation actions. This will depend on your organization’s needs and access settings for Google Drive.

Note: When notifying the file owner, directly after running a remediation action, you might encounter an error that says the file is “already in the process of being remediated.”

This is normal, as the remediation takes a bit of time to run, between 30 seconds to 2 minutes. Once that action is complete, the user could then be notified and the action should run smoothly.

Automated Remediation

You can configure the remediation actions that you would like to take automatically when a new policy violation is detected.

• Notify the file owner (via Slack/Email)

• Change link settings to restricted

• Change link setting to “Anyone in the organization with the link”

• Remove external users

• Remove internal users

• Note that available remediation options depend on the pre-existing link/sharing settings.

Notes:

• Authenticated Nightfall users can take remediation actions even if they don’t have access to the file within GDrive. (Unauthenticated users will not be able to take remediation actions).

• The Nightfall user can download the affected file from the alert, in cases where they don’t have access to the file within GDrive. Download actions will be logged in configured alert platforms.