This workflow template, "Remove Public Links from Google Drive Detected by BigID," automatically addresses alerts triggered by BigID when sensitive information is discovered in publicly shared Google Drive files. It loops over the alerted files, removes any 'anyone with the link' sharing permissions, and notifies the user via Slack. If the user isn't found on Slack, it sends an update to a specified channel. This template enhances Application Security Operations by protecting sensitive data from unintended public access.
Trigger
BigID
Use Cases
Application Security Operations
Workflow Breakdown
Pull the list of files using the query that is provided as part of the alert from BigID
Loop over the files and verify if they are shared with a link in Google Drive
If a link is found, remove it from the file and update the user via Slack
If the user is not found in Slack, update the channel as specified in the Workflow Context
Vendors
Slack, Utils, Google Drive, BigID
Workflow Output
Removal of public links to sensitive files.