Configuring Policies


Last updated 1 month ago


The exfiltration policies for macOS and Windows let you monitor uploads made through browsers or cloud storage apps. You can configure which internet domains and which cloud storage apps are monitored.

When a file is uploaded to a configured domain or cloud storage app, the Nightfall AI agent sends a notification about the action. You can configure the notification channels through which you receive notifications when there is an attempt to upload files or folders.

Verify Connection

Once you have completed the installation of the Nightfall agent, you must ensure that the connection is live. If the Nightfall agent cannot connect to the macOS or Windows device for more than 6 hours, the connection is closed. When the connection is live, a Connected message is displayed. If the connection is lost, a Disconnected message is displayed.

Create Domain Collections

Collections help you refine your monitoring: they reduce noise from sanctioned upload destinations and let you closely monitor exfiltration of files originating from high-value SaaS applications accessed through the browser. You can also define specific domain collections to closely monitor upload activity to specific categories of upload destinations. For instance, to track files uploaded to social media, you can create a domain collection called Social Media and add domains like Facebook, Instagram, Twitter, and so on. Similarly, you can create a collection of known, sanctioned upload destinations that are safe to upload to, so that you can either exclude them from your monitoring policies or monitor uploads of items originating from those domains. While creating a policy, you can add the collection directly. All the domains in the collection are then monitored.

You can create a domain collection either by entering the domain URLs manually or by uploading a comma-delimited list of domains in a text file.

To group domains:

  1. Log in to the Nightfall app.

  2. Navigate to Integrations from the left menu.

  3. Click Manage on the macOS/Windows OS integration.

  4. Click the Domains tab.

  5. Click + New Collection.

You can either add the domains manually or upload a text file containing the list of domains. The two procedures are described in turn.

To add domains manually:

  1. Click + Add Domain.

  2. Enter a name for the Collection in the Collection Name field (for example, Social Media).

  3. Enter a domain and press the Enter key (for example, facebook.com).

Important

When you add a domain, its subdomains are not included automatically. For instance, if you add abcd.com, docs.abcd.com is not included. To include a subdomain, you must enter the full URL containing the subdomain. If you have multiple subdomains, you can use the asterisk wildcard (*) and enter the domain as *.abcd.com.

  4. (Optional) Click + Add Domain to add multiple domains to the collection.

  5. (Optional) Click the delete icon to delete a domain.

  6. Click Save Changes.

To add domains by uploading a file:

  1. Enter a name for the Collection in the Collection Name field.

  2. Click Upload.

  3. Browse and upload the text file containing the list of domains.

All the domains must be separated by a comma. The file must have a .txt extension.

Once you upload the file, the list of domains present in the file is displayed.

Important

When you add a domain, its subdomains are not included automatically. For instance, if you add abcd.com, docs.abcd.com is not included. To include a subdomain, you must enter the full URL containing the subdomain. If you have multiple subdomains, you can use the asterisk wildcard (*) and enter the domain as *.abcd.com.

  4. (Optional) To add more Domains to the Collection, you can either click + Add Domain and enter the domain manually, or click Upload txt and upload another text file containing domains.

  5. (Optional) Click the delete icon to remove a domain from the Collection.

  6. Click Save Changes.
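The subdomain rule in the Important note is easy to overlook in a large uploaded list. As an added example (not Nightfall code), this Python script parses a comma-delimited collection file and reports which hostnames the collection would not cover. The sample file and observed hostnames are constructed, and it assumes a wildcard entry matches subdomains at any depth but not the bare domain, which the page does not state.

```python
# Added example, not Nightfall code. Sample data below is constructed.

def parse_collection(text):
    """Parse a comma-delimited domain list into ordered, de-duplicated entries."""
    seen, entries = set(), []
    for raw in text.split(","):
        entry = raw.strip().lower()
        if entry and entry not in seen:
            seen.add(entry)
            entries.append(entry)
    return entries

def is_covered(host, entries):
    """Page rule: an entry matches only itself unless it is a wildcard."""
    host = host.strip().lower()
    for entry in entries:
        if entry.startswith("*."):
            # Assumption: "*.abcd.com" matches subdomains at any depth,
            # but not the bare domain "abcd.com".
            if host.endswith(entry[1:]):
                return True
        elif host == entry:
            return True
    return False

def coverage_gaps(entries, observed_hosts):
    """Observed upload hostnames that no entry in the collection matches."""
    return sorted({h.strip().lower() for h in observed_hosts
                   if not is_covered(h, entries)})

def bare_without_wildcard(entries):
    """Bare domains whose subdomains are not covered by any wildcard entry."""
    return [e for e in entries
            if not e.startswith("*.") and not is_covered("probe." + e, entries)]

# Constructed contents of a collection .txt file (note the duplicate entry).
SAMPLE_FILE = "facebook.com, *.abcd.com,Twitter.com,facebook.com\n"
# Constructed hostnames, e.g. taken from proxy or DNS logs.
OBSERVED = ["facebook.com", "m.facebook.com", "docs.abcd.com",
            "abcd.com", "twitter.com"]

if __name__ == "__main__":
    entries = parse_collection(SAMPLE_FILE)
    print("entries:", entries)
    print("not covered:", coverage_gaps(entries, OBSERVED))
    print("no subdomain coverage:", bare_without_wildcard(entries))
```

Run it against the file before uploading; any hostname in the first report needs its own entry or a wildcard in the collection.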

Creating Policy

The detailed steps to configure the macOS/Windows device exfiltration policy are explained in the following documents.

  • MAC/Windows App Selection

  • Scope

  • Trigger

  • Advanced Settings

  • Creating Policy

  • Remediation for MAC OS Policies

  • Remediation for Windows OS Policies