Analyzing Salesforce Audit Results

Once the Nightfall audit is started, it is placed in the queue for scanning, with the status displayed as Queued. Once the scan begins, the status changes to Scanning. After the audit is completed, the status is updated to Completed. To stop an audit, click the ellipsis menu and select Stop.

To view the results of a specific audit, click the ellipsis menu for the desired audit and select View Results. This option displays the results of only the selected audit.

To view the results of all the audits, navigate to the Results tab. On the Results tab, you can apply filters to view the results of desired audits or directly select an audit from the drop-down menu.

Understanding Audit Event Content

The scan results display the following columns.

When you click a file, the following details are displayed.

• Integration: The name of the integration (Salesforce).

• Document Type: The type of the document in which sensitive data was found (text, audio, video)

• Account Type: The nature of the Salesforce tenant (production, sandbox).

• Location: The Salesforce object where a record with sensitive data is found.

• Detection Rules: The detection rules violated by the file.

• Last Edited: The data and time when the file was last edited.

• User Name: The last user who edited the file.

• Salesforce ID: The unique ID of the file assigned by Salesforce.

The following details related to sensitive data found in the file, are displayed.

• Detector: The name of the detector that was violated.

• Text Before: The text that appears before the sensitive data.

• Finding: The sensitive data found in the document with confidence level of the finding.

• Text After: The text that appears before the sensitive data (if present).