When an end-user sends a message in Slack that has sensitive data, a violation is generated on the Nightfall Violations page. If the end-user edits the message, and removes the sensitive data, and a Nightfall admin (who is unaware that the end-user has edited the message), applies either the Redact, Delete, or the Quarantine action from the Nightfall Violations page or from the message received in any of the admin notification channels, the status of the Violation changes to either Redacted, Deleted, or Quarantined based on the action applied by the Nightfall admin. The violation log also records this action as <<action name> by <<user name>> - time.
The edit performed by the end-user has no impact.
However, once the deduplication feature is extended to the Slack integration, any action performed by any user, automatically changes the status of the violation accordingly.
Even after applying the actions, the Slack message history displays the redacted, deleted, and quarantined messages. This is a Slack limitation.
The Redact and the Quarantine actions are available only in the Slack enterprise edition.