Nightfall Documentation
  • Data Detection and Response
  • Posture Management
  • Data Exfiltration Prevention
  • Data Encryption
  • Firewall for AI
  • Data Classification and Discovery
  • Nightfall Exfiltration
  • What is Data Exfiltration
  • Nightfall Detection Platform
    • Nightfall Detection Platform
  • Exfiltration Prevention for Google Drive
    • Installing Nightfall for Google Drive
    • Configuring Integration Alerts
    • Configuring Google Drive Policies
      • Google Drive App Selection
      • Scope
      • Trigger
      • Automated Actions
      • Creating Policy
    • Remediation for Google Drive Exfiltration
  • Exfiltration Prevention for Endpoint
    • Endpoint Exfiltration Prevention
    • Install Nightfall AI Agent for MAC OS
      • Manual Installation
      • Nightfall Agent Deployment with Kandji MDM
      • Nightfall Agent Deployment with Rippling MDM
      • Nightfall Agent Deployment with JAMF MDM
    • Install Nightfall AI Agent for Windows OS
      • Manual Installation
      • Nightfall Windows Agent Deployment: Rippling MDM
      • Nightfall Windows Agent Deployment: Generic MSI Deployment
    • Configuring Integration Alerts
    • Configuring Policies
      • MAC/Windows App Selection
      • Scope
      • Trigger
      • Advanced Settings
        • Admin Alerting
        • Automated Actions
        • End-User Notifications
      • Creating Policy
      • Remediation for MAC OS Policies
      • FAQs
      • Remediation for Windows OS Policies
  • Exfiltration Prevention for Salesforce
    • Nightfall Exfiltration for Salesforce
    • Installing Nightfall Exfiltration for Salesforce
    • Upgrading Nightfall DLP
    • Configuring Integration Alerts
    • Configuring Salesforce Exfiltration Policies
      • Salesforce App Selection
      • Scope
      • Trigger
      • Advanced Settings
      • Creating Policy
      • Remediation for Salesforce Exfiltration
Powered by GitBook
On this page
  • Browser Uploads
  • Cloud Sync App Uploads

Was this helpful?

Export as PDF
  1. Exfiltration Prevention for Endpoint
  2. Configuring Policies

Trigger

PreviousScopeNextAdvanced Settings

Last updated 2 months ago

Was this helpful?

Once you zero down the policy Scope to the required devices and originating domains, you must now define the trigger actions that can be termed as exfiltration events.

Nightfall provides you two types of triggers that you can set as exfiltration events.

  • Browser Uploads: In this section, if an asset is uploaded through a browser to an online portal (for example social media website), you can define such events as exfiltration events.

  • Cloud Syncing: In this section, if an asset is uploaded to an online cloud store application (for example Google Drive), you can define such events as exfiltration events.

The steps to use the above triggers are elaborated in the following sections.

Browser Uploads

Ensure that you have configured before using the use the browser uploads option.

To monitor browser uploads:

  1. Select the Browser uploads to option.

  1. Select one of the following options.

  • Any Domain: If you select this option, Nightfall monitors your uploads done to any domain on the Internet.

Once you select a domain collection, it is displayed on the screen and greyed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.

Once you select a domain collection, it is displayed on the screen and greyed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.

Cloud Sync App Uploads

In this option, you can either choose to monitor uploads done to every cloud sync app or select specific cloud sync apps to which the uploads must be monitored.

  1. Select the Cloud Syncing to option.

  2. Select one of the following options.

  • Any Storage Apps: If you select this option, Nightfall monitors the uploads done to every cloud sync storage applications.

  • Specific Storage App(s): If you select this option, you must additionally select the storage apps. Nightfall monitors the uploads done to the selected storage apps.

Once you select a cloud storage application, it is displayed on the screen and greyed out from the drop-down menu. You can use the drop-down menu to select additional cloud storage apps.

The Cloud syncing monitoring is currently applicable only to MAC OS based devices.

Domain in: If you select this option, you must additionally also select the domain collections, created in the section. Nightfall monitors the uploads done to all the domains that belong to the selected domain collections.

Domain Not in: If you select this option, you must additionally also select the domain collections, created in the section. Nightfall does not monitor the uploads done to all the domains that belong to the selected domain collections.

domain collections
domain collections
domain collections