Configuring Salesforce Exfiltration Policies

Exfiltration policies allow you to monitor download events across your Salesforce environment. Through real-time download monitoring, you can identify insider risk and anomalous behaviour before it escalates to large scale security incidents. The following are supported and monitored by Nightfall for exfiltration activities,

  • Attachments & Files

  • Reports

  • Records & Objects

Download of any of the above information containers is an exfiltration activity for Nightfall, and if such activities breach a threshold set in one of the exfiltration policies in Nightfall, then Nightfall will flag it an exfiltration event. You can configure which users should receive notifications and what automatic actions must be taken when an exfiltration event is detected.

The detailed steps to configure the Salesforce Exfiltration policy is explained in the following documents.

Integration

Scope

Trigger

Advanced Settings

Creating Policy

Remediation for Salesforce Exfiltration

Last updated