Trigger

Last updated 19 days ago

Was this helpful?

Trigger

Once you zero in on the policy Scope to the required devices and originating domains, you must now define the trigger actions that can be termed as exfiltration events.

Nightfall provides you with three types of triggers that you can set as exfiltration events.

Browser Uploads: In this section, if an asset is uploaded through a browser to an online portal (for example, a social media website), you can define such events as exfiltration events.
Cloud Syncing: In this section, if an asset is uploaded to an online cloud store application (for example, Google Drive), you can define such events as exfiltration events.
Clipboard Paste: In this section, if data is copied from a source and pasted to a destination, you can define such events as exfiltration events.

The steps to use the above triggers are elaborated in the following sections.

Browser Uploads

Ensure that you have configured before using the browser uploads option.

To monitor browser uploads:

Select the Browser uploads to option.

Select one of the following options.

Any Domain: If you select this option, Nightfall monitors your uploads done to any domain on the Internet.

Once you select a domain collection, it is displayed on the screen and greyed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.

Once you select a domain collection from the drop-down menu, it is displayed on the screen and grayed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.

Cloud Sync App Uploads

In this option, you can either choose to monitor uploads done to every cloud sync app or select specific cloud sync apps to which the uploads must be monitored.

Select the Cloud Syncing option.
Select one of the following options.

Any Storage Apps: If you select this option, Nightfall monitors the uploads done to every cloud sync storage application.
Specific Storage App(s): If you select this option, you must additionally select the storage apps. Nightfall monitors the uploads done to the selected storage apps.

Once you select a cloud storage application from the drop-down menu, the selected option is displayed on the screen and grayed out from the drop-down menu. You can use the drop-down menu to select additional cloud storage apps.

The Cloud syncing monitoring is currently applicable only to MAC OS based devices.

Clipboard Paste

In this option, you can choose to monitor the copy/paste actions performed by end-users. If end-users copy some data and paste it to unsanctioned locations.

A typical example of this trigger can be a scenario in which an end-user copies an API key and pastes it in a ChatGPT/Deepseek prompt while attempting to generate a piece of code.

Select the Paste To option.
Select one of the following options.
1. Any Domain: If you select this option, Nightfall monitors your paste actions performed on any domain on the Internet.

PreviousScope NextAdvanced Settings

Last updated 19 days ago

Was this helpful?

Once you zero in on the policy Scope to the required devices and originating domains, you must now define the trigger actions that can be termed as exfiltration events.

Nightfall provides you with three types of triggers that you can set as exfiltration events.

Browser Uploads: In this section, if an asset is uploaded through a browser to an online portal (for example, a social media website), you can define such events as exfiltration events.
Cloud Syncing: In this section, if an asset is uploaded to an online cloud store application (for example, Google Drive), you can define such events as exfiltration events.
Clipboard Paste: In this section, if data is copied from a source and pasted to a destination, you can define such events as exfiltration events.

The steps to use the above triggers are elaborated in the following sections.

Browser Uploads

Ensure that you have configured before using the browser uploads option.

To monitor browser uploads:

Select the Browser uploads to option.

Select one of the following options.

Any Domain: If you select this option, Nightfall monitors your uploads done to any domain on the Internet.
Domain in: If you select this option, you must additionally also select the domain collections created in the section. Nightfall monitors the uploads done to all the domains that belong to the selected domain collections.

Once you select a domain collection, it is displayed on the screen and greyed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.

Domain Not in: If you select this option, you must additionally also select the domain collections created in the section. Nightfall does not monitor the uploads done to all the domains that belong to the selected domain collections.

Cloud Sync App Uploads

In this option, you can either choose to monitor uploads done to every cloud sync app or select specific cloud sync apps to which the uploads must be monitored.

Select the Cloud Syncing option.
Select one of the following options.

Any Storage Apps: If you select this option, Nightfall monitors the uploads done to every cloud sync storage application.
Specific Storage App(s): If you select this option, you must additionally select the storage apps. Nightfall monitors the uploads done to the selected storage apps.

The Cloud syncing monitoring is currently applicable only to MAC OS based devices.

Clipboard Paste

In this option, you can choose to monitor the copy/paste actions performed by end-users. If end-users copy some data and paste it to unsanctioned locations.

A typical example of this trigger can be a scenario in which an end-user copies an API key and pastes it in a ChatGPT/Deepseek prompt while attempting to generate a piece of code.

Select the Paste To option.
Select one of the following options.
1. Any Domain: If you select this option, Nightfall monitors your paste actions performed on any domain on the Internet.
2. Domain in: If you select this option, you must additionally also select the domain collections created in the section. Nightfall monitors the uploads done to all the domains that belong to the selected domain collections. The process of domain selection remains the same as demonstrated in the case of theBrowser Uploads section.
3. Domain Not in: If you select this option, you must additionally also select the domain collections created in the section. Nightfall does not monitor the uploads done to all the domains that belong to the selected domain collections.