You can ignore a finding if it does not really have any sensitive information.

To ignore a finding,

1. Click the ellipsis on the right of the finding. A set of task options display in the menu.

2. Click Ignore. Nightfall processes the action and the status is set to Ignored.

You can acknowledge a finding before taking any further action.

To acknowledge a finding,

1. Click the ellipsis on the right of the finding. A set of task options display in the menu.

2. Click Acknowledge. Nightfall processes the action and the status is set to Acknowledged.

You can filter to view violations based on their status:

Nightfall provides for several actions that you may want to perform on a violation. The actions that are available can vary depending on the status of the violation or the integration type.

Note: The actions described here are manual actions that you need to perform when a violation is notified. Alternately, you can configure Nightfall for Automated Actions, which also vary depending on the type of integration.

You can perform some or all of the following actions from the violations dashboard:

• Ignore

• Acknowledge

• Notify Slack

• Notify Email

• Send to Jira

• Redact

• Quarantine

• Change Link Settings

• Mark as Private

• Disable Download

• Delete Attachment

• Delete

You can instantly act on a violation. To act,

1. Click the … (ellipsis) in the same row as the violation.

2. Select the action you want to perform from the list of actions.

Actions once performed are not reversible.

To delete a violation, you need admin access.

The following table details the actions available to each integration

Bulk Actions

Nightfall allows you to perform actions on a large set of violations. The Violations screen displays a maximum of 50 violations. With Bulk actions, you can choose to implement an action either on the 50 violations which are currently displayed on the screen or on all the violations including the 50 displayed on the violation screen.

Important: You can apply bulk action on a set of violations, only if all the violations belong to a specific integration. Hence, you must use the filter on the integraiton screen to view only those violations which belong to a specific integration.

For example, you can apply filter to display on violations reported by the Salesforce integration. Once you appl,y the filter to view only Salesforce integrations, you can then apply bulk action on all the Salesforce violations.

To use the Bulk actions feature:

1. Navigate to the Violations screen in Nightfall.

2. Apply an integration filter to view the list of violations which belong to a specific integration. You must select only a single integration. If you select multiple integrations, you cannot usd the Bulk actions feature.

1. Select the Finding check box. The 50 violations displayed on the screen are selected.

1. (Optional) You can also choose to select all of the violations that beloing to the filtered integration.

1. Select one of the actions to be performed on all the selected violations.

2. Click Confirm to proceed with the bulk action.

You can Notify a finding to a pre-configured Slack channel.

To Notify a Slack channel,

1. Click the ellipsis on the right of the finding. A set of task options display in the menu.

2. Click Notify Slack. Nightfall processes the action and the status is set to Notified.

You can Notify a finding to a pre-configured Email address.

To Notify an email address

1. Click the ellipsis on the right of the finding. A set of task options display in the menu.

2. Click Notify Email. Nightfall processes the action and the status is set to Notified.

You can send a violation to Jira as a ticket for easier tracking and resolution.

Note:

• If you have Jira implemented, this feature already exists.

• You must install Jira as an alerting platform to be able to use this functionality.

To send a violation to Jira,

1. Click the ellipsis on the right of the finding. A set of task options display in the menu.
2. Select Send to Jira. A Create Ticket in Jira pop up displays.

   1. Select the Project.

   2. Select the Issue Type.

   3. Enter a name for the issue.

   4. Enter any comments if required.

3. Click Send to Jira. The violation finding is now converted to a Jira ticket and is assigned to a user to resolve the issue from within Jira.

You can Quarantine a finding or an attachment.

To Quarantine,

1. Click the ellipsis on the right of the finding. A set of task options display in the menu.

2. Click Quarantine. Nightfall processes the action by moving the object that contains sensitive information, and the status is set to Quarantined.

You need Admin permissions to retrieve Quarantined findings.

You can Redact sensitive information within a finding.

To Redact,

1. Click the ellipsis on the right of the finding. A set of task options display in the menu.

2. Click Redact. Nightfall processes the action by masking all sensitive information within the finding, and the status is set to Redacted.

There are two options for remediation of Google Drive files with violations:

1. File Sharing Permissions

Controlling the file sharing permissions is the first step for Google Drive file remediation. You should first attempt to understand where this file has already been shared. From here, the goal is to restrict the file sharing as much as possible, especially externally. Following the workflow below is recommended, and should provide insight into the steps needed to ensure full remediation.

2. Shared Link Settings

The next step is control the sharing settings of the link. For Google Drive files, there are three options for link sharing settings - Restricted, Anyone in the organization with the link, or Anyone with the link.

The goal for remediation in this case, will be to first understand whether or not this file can be shared publicly, or can be shared to the level that it has been. The general rule of thumb to follow is that if the file link sharing setting can be restricted, then it should be restricted.

You can change the link settings to a drive or file so it is not accessible anymore

To change link settings,

1. Click the ellipsis on the right of the finding. A set of task options display in the menu.
2. Click Change Link Settings. Select the restriction and click Change.
3. Nightfall processes the action by changing the link settings to the drive or file that contains sensitive information, and the status is set to Link Settings changed.

You can Mark as Private a finding so it is not public anymore.

To Mark as Private,

1. Click the ellipsis on the right of the finding. A set of task options display in the menu.

2. Click Mark as Private. Nightfall processes the action by moving the object that contains sensitive information, and the status is set to Marked as Private.

You can delete the attachment to an email or a download when the attachment has sensitive or corrupt information that has the potential to harm other information within your instance.

You can disable download of attachment that is part of a finding. This can happen when th

You can delete a finding from the violations dashboard. Deleting in Slack, Jira deletes the entire message or ticket comment. Deleting in Salesforce only deletes the sensitive token within the record which is replaced with a confirmation message for the end-user.