Nightfall Documentation
Trigger

Last updated 7 months ago

The Trigger section further reduces unwanted noise. With the Trigger section, you can:

  • Define which download behavior counts as an exfiltration event.

  • Exclude downloads by trusted apps from being treated as exfiltration events.

Configuring Trigger Section

In the Trigger section, you set the download behavior, specifically the download frequency, that must be treated as an exfiltration event.

To configure the Trigger section:

  1. Set the minimum number of downloads (the threshold) that must be considered an exfiltration event.

  2. Set the required time period (frequency). If the minimum download threshold (set in the previous step) is reached or exceeded within the set time period, an exfiltration event is generated.

In the following image, the configurations are set such that if an asset is downloaded 2 or more times within 10 minutes, an exfiltration event is triggered.

You must set the action frequency carefully. For example, suppose you set the download condition to 5 or more files within 1 hour. In this case, if a user downloads four assets every 1 hour, the policy does not trigger a violation, since the condition is not met.

Exclude Apps

Depending on your environment, a significant number of downloads may be attributed to applications (for example, backup apps). You may choose to ignore such download events to reduce noise and focus your monitoring on unexpected application and user download events.

The Exclude apps section allows you to exclude specific applications from being monitored by your policy.

To configure the Exclude apps section, select the applications to exclude from the drop-down menu. Once saved, Nightfall will not alert on download events attributed to the excluded applications.
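
The threshold-and-time-period rule and the app exclusion described above, modeled as an added example (not Nightfall's code or API) over constructed download events. Per-actor counting, the sliding window, the boundary handling, and the names `find_exfil_events`, `SAMPLE`, and the app labels are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def find_exfil_events(events, min_downloads, window, excluded_apps=frozenset()):
    """Return (actor, timestamp) for every download that brings the actor's
    count inside the trailing window up to min_downloads or more.

    events: iterable of (timestamp, actor, app) tuples.
    Assumptions: counts are kept per actor, the window slides with each
    download, and a download exactly `window` old has aged out.
    """
    recent = defaultdict(deque)  # actor -> timestamps still inside the window
    alerts = []
    for ts, actor, app in sorted(events):
        if app in excluded_apps:  # "Exclude apps": never counted, never alerted
            continue
        q = recent[actor]
        q.append(ts)
        while ts - q[0] >= window:  # drop downloads that fell out of the window
            q.popleft()
        if len(q) >= min_downloads:
            alerts.append((actor, ts))
    return alerts


def at(hour, minute, second=0):
    return datetime(2024, 1, 15, hour, minute, second)  # constructed date


# Constructed sample events, not real Nightfall or Google Drive log data.
SAMPLE = (
    # alice: two downloads four minutes apart
    [(at(9, 0), "alice", "browser"), (at(9, 4), "alice", "browser")]
    # bob: four downloads at the top of each hour, for three hours
    + [(at(h, m), "bob", "browser") for h in (9, 10, 11) for m in range(4)]
    # backup job: 20 downloads in 20 seconds through a trusted app
    + [(at(2, 0, s), "svc-backup", "backup-app") for s in range(20)]
)

if __name__ == "__main__":
    for n, w, skip in [(2, timedelta(minutes=10), {"backup-app"}),
                       (5, timedelta(hours=1), {"backup-app"}),
                       (5, timedelta(hours=1), set())]:
        hits = find_exfil_events(SAMPLE, n, w, skip)
        print(f"{n}+ in {w}, excluded={sorted(skip)}: "
              f"{sorted({a for a, _ in hits})} ({len(hits)} events)")
```

Running it shows the 5-in-1-hour rule staying silent on the four-per-hour pattern, and the backup job generating events only when its app is not excluded.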