Scope
The Scope section enables you to create an asset lineage based policy in which you can track the journey of an asset from source to destination.
Key Features of Lineage Based Policies
Security administrators can set precise exfiltration policies to protect sensitive files that originate from high-value SaaS locations from being exfiltrated to unsanctioned destinations
High performance security teams can focus their energy and resources on monitoring assets from high value SaaS domains.
By combining content download origin to upload destination, organizations can extend their monitoring to cover any cloud application accessed through the browser, even those without direct API integration.
Allows security teams to monitor and prevent data exfiltration not just through direct browser uploads but also through cloud storage sync applications, providing a multi-layered defense against data leaks.
With lineage-based policies, organizations can proactively identify and manage risks associated with sensitive content movement, ensuring compliance with data security standards and preventing potential breaches before they occur.
Configuring the Scope Page
The Scope page consists of the following sections.
Operating Systems
This section allows you to select the operating systems to which the policy must be scoped. Nightfall supports the Microsoft's Windows and Apple's MAC operating systems. You can either choose any one of the operating system or both the operating systems, based on your organization's requirements. You must click the check box of the respective operating system to include it in the scope of the policy. All the devices that belong to the selected operating system(s) are monitored by Nightfall.
Kindly note that some of the advanced policy features like Content Scanning, Filters, and automated actions are not yet available on Windows—but stay tuned, as we’re working to bring these capabilities soon!
Devices
By default, Nightfall monitors all the devices that belong to the selected operating system(s). However, you can choose to exclude trusted devices from being monitored. The Exclude Devices section consists of a drop-down menu. This menu lists all the devices that belong to the selected operating system(s). You can select the devices that you wish to exclude from being monitored.
Content Scanning
To use this feature, you must first select the On option from the drop-down menu and then select the required Nightfall detectors.
Filters
The filters section provides you the flexibility to include and exclude users at a granular level. Once you select the operating system and the devices to be monitored, you can further drill down your scope by using filters. You can apply filters to only monitor assets downloaded from specific domains. Conversely, you can also choose to exclude the monitoring of assets downloaded from specific domains. Additionally, you can also apply filters to only monitor or exclude the monitoring of assets downloaded by specific high risk, like departing users, or function user groups, like HR, Finance or Engineering.
Asset Origin
The Asset Origin filter allows you to limit the scope of the policy to only those assets which originated from a specific source. To use the asset origin filter, you must click Add Filter and select Asset Origin.
The Asset Origin filter provides the following options:
Once you select a domain collection, it is displayed on the screen and greyed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.
Once you select a domain collection, it is displayed on the screen and greyed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.
Internal Users
Internal Groups
Last updated
Was this helpful?