Nightfall Documentation

Configuring Integration Alerts


Nightfall for macOS and Nightfall for Windows OS allow you to configure alerts at both the policy level and the integration level. macOS and Windows OS policies can send alerts through the following alert channels.

  • Slack

  • Email

  • Webhook

  • Jira Tickets

Alert settings configured at the integration level apply to all the policies created for the macOS/Windows OS integration. Alert settings configured for a specific policy within the macOS/Windows OS integration apply only to that policy.

Prerequisites

Configure Alerts at the Integration Level

You can configure alerts at the integration level once you have installed the Nightfall for macOS/Nightfall for Windows OS integration.

To configure alerts at the integration level:

  1. Navigate to the macOS integration.

  2. Scroll down to the Alerting section.

  3. You can configure one or multiple alert channels.

Configuring Slack as an Alert Channel

  1. To configure Slack as an alert channel, click + Slack channel.

  2. In the Slack alert channel field, enter the name of the Slack channel in which you wish to receive the alerts.

  3. Click Save.

A confirmation pop-up box is displayed to confirm if the Slack channel (entered in the second step) must be used only for macOS integration or all the Nightfall integrations.

  4. Select No, only integration level to use the Slack channel only for macOS, or select Yes, please to use the selected Slack channel for all the Nightfall integrations.

Configuring Email as an Alert Channel

  1. Click + Email.

  2. Enter the Email ID of the recipient who should receive the notifications.

  3. Click Save.

A confirmation pop-up box is displayed to confirm if the Email ID (entered in the second step) must be used only for macOS integration or all the Nightfall integrations.

  4. Select No, only integration level to use the Email ID only for macOS, or select Yes, please to use the entered Email ID for all the Nightfall integrations.

Configuring Webhook as an Alert Channel

  1. Click + Webhook.

  2. Enter the Webhook URL.

  3. Click Test. If the test result is not successful, check the Webhook URL.

  4. (Optional) Click Add Header to add headers.

  5. Click Save.

When you configure alerts to a Webhook, Nightfall AI sends occasional POST requests to it:

  • Before the policy is saved, to validate that the Webhook is properly configured.

  • Periodically thereafter, to ensure that the Webhook is still valid.

The response to a test Webhook request is a 200 status code if successful.

An example Webhook request is as follows.

{
  "service": "nightfall",
  "test": true,
  "timestamp": "2024-03-07T23:18:39Z"
}

This is part of alert event consumption and can be ignored.
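The following receiver is an added example, not code from Nightfall: it authenticates each request with a shared-secret header, answers the test payload shown above with 200, and keeps test posts out of the alert path. The header name `X-Alert-Token`, the token value, and the assumption that headers entered through Add Header accompany every request (test posts included) are illustrative and should be checked against your own deployment.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions (not from the Nightfall docs): a header name and token that you
# chose yourself and entered through "Add Header" when configuring the Webhook.
AUTH_HEADER = "X-Alert-Token"
EXPECTED_TOKEN = "replace-with-a-long-random-value"
MAX_BODY = 1_000_000  # refuse to buffer unbounded request bodies


def classify(headers, body, expected_token=EXPECTED_TOKEN):
    """Return (http_status, disposition) for one incoming Webhook POST."""
    supplied = headers.get(AUTH_HEADER, "")
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(supplied.encode(), expected_token.encode()):
        return 401, "rejected"
    try:
        payload = json.loads(body)
    except ValueError:  # covers invalid JSON and invalid UTF-8
        return 400, "malformed"
    if not isinstance(payload, dict):
        return 400, "malformed"
    # Validation posts look like {"service": "nightfall", "test": true, ...}:
    # acknowledge them with 200 but never treat them as alerts.
    if payload.get("service") == "nightfall" and payload.get("test") is True:
        return 200, "test-ignored"
    return 200, "alert-accepted"


class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", 0))
        except ValueError:
            length = 0
        length = max(0, min(length, MAX_BODY))
        status, disposition = classify(self.headers, self.rfile.read(length))
        self.send_response(status)
        self.end_headers()
        self.wfile.write(disposition.encode())


if __name__ == "__main__":
    # Local demo only; in production, terminate TLS in front of this listener.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```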

Configuring JIRA as an Alert Channel

  1. Click + Jira Ticket.

  2. Select a JIRA project from the Jira Project drop-down menu.

  3. Select an issue type from the Issue Type drop-down menu.

  4. (Optional) Add comments to be included in the JIRA ticket.

  5. Click Save changes.

A confirmation pop-up box is displayed to confirm if the JIRA settings configured for the macOS integration must be applied to all the other Nightfall integrations too.

  6. Select No, only integration level to use the configurations only for macOS, or select Yes, please to use the selected JIRA configurations for all the Nightfall integrations.

Configure End-User Notifications

When a violation occurs, Nightfall sends a notification to the end-user whose actions triggered the violation. While notifying the end-user, Nightfall also sends a text message. You can draft the text message to be sent to the end-user. This message applies to all the policies. Click Save changes once done.

This document explains how to configure alerts at the integration level. To learn about how to configure alerts at the policy level, read this document.

To use Slack as an alert platform, you must first perform the required Slack configurations. You can refer to this document to learn more about how to configure Slack as an Alert platform.

To use Webhook as an alert platform, you must first perform the required Webhook configurations. You can refer to this document to learn more about how to configure Webhook as an Alert platform.

To use JIRA as an alert platform, you must have the DLP for JIRA app installed from the Atlassian Marketplace. You can read more about the DLP for JIRA integration here.