Nightfall Documentation
  • Data Detection and Response
  • Posture Management
  • Data Exfiltration Prevention
  • Data Encryption
  • Firewall for AI
  • Data Classification and Discovery
  • Nightfall Exfiltration
  • What is Data Exfiltration
  • Nightfall Detection Platform
    • Nightfall Detection Platform
  • Exfiltration Prevention for Google Drive
    • Installing Nightfall for Google Drive
    • Configuring Integration Alerts
    • Configuring Google Drive Policies
      • Google Drive App Selection
      • Scope
      • Trigger
      • Automated Actions
      • Creating Policy
    • Remediation for Google Drive Exfiltration
  • Exfiltration Prevention for Endpoint
    • Endpoint Exfiltration Prevention
    • Install Nightfall AI Agent for MAC OS
      • Manual Installation
      • Nightfall Agent Deployment with Kandji MDM
      • Nightfall Agent Deployment with Rippling MDM
      • Nightfall Agent Deployment with JAMF MDM
    • Install Nightfall AI Agent for Windows OS
      • Manual Installation
      • Nightfall Windows Agent Deployment: Rippling MDM
      • Nightfall Windows Agent Deployment: Generic MSI Deployment
    • Configuring Integration Alerts
    • Configuring Policies
      • MAC/Windows App Selection
      • Scope
      • Trigger
      • Advanced Settings
        • Admin Alerting
        • Automated Actions
        • End-User Notifications
      • Creating Policy
      • Remediation for MAC OS Policies
      • FAQs
      • Remediation for Windows OS Policies
  • Exfiltration Prevention for Salesforce
    • Nightfall Exfiltration for Salesforce
    • Installing Nightfall Exfiltration for Salesforce
    • Upgrading Nightfall DLP
    • Configuring Integration Alerts
    • Configuring Salesforce Exfiltration Policies
      • Salesforce App Selection
      • Scope
      • Trigger
      • Advanced Settings
      • Creating Policy
      • Remediation for Salesforce Exfiltration
Powered by GitBook
On this page
  • Prerequisites
  • Installation Doc Links

Was this helpful?

Export as PDF
  1. Exfiltration Prevention for Salesforce

Nightfall Exfiltration for Salesforce

PreviousRemediation for Windows OS PoliciesNextConfiguring Integration Alerts

Last updated 8 months ago

Was this helpful?

Nightfall Exfiltration for Salesforce helps you to keep tab of the exfiltration activities in your Salesforce orgs. Nightfall leverages Salesforce Shield Real Time Event Monitoring for exfiltration activities across your Salesforce orgs and identifies activities which are in violation to configured policies.

Download of attachments, files, reports and bulk download of objects are all exfiltration event recognised by Nightfall. You can configure policies to set appropriate thresholds for such events and identify them as unwarranted that may require scrutiny. You may configure the policy to alert the stakeholders who need to be notified and choose one of the available actions to be invoked automatically. You may also choose not to configure automated actions but only act after evaluating the specific exfiltration events.

Prerequisites

Nightfall exfiltration leverages Salesforce Shield's Event Monitoring to identify exfiltration events. Salesforce Shield provides multiple security tools to safeguard your Salesforce orgs. Nightfall depends on in Salesforce Shield which is available as an independent module within . You must enable the following Event Monitoring settings for all the Salesforce orgs that you wish to monitor,

  • Generate event log files - Generate an event log file when events occur in your org.

  • Enable Lightning Logger Events - Enable collection of Lightning Logger Events in custom components.

  • Enable the following events for storage and streaming

    • Bulk API Result Event - Track when a user downloads the results of a Bulk API request

    • File Event - Track file activity. For example, track when a user downloads or previews a file

    • Report Event - Track when a user accesses or exports data with reports

    • SessionHijacking Event - Track when an unauthorised user gains ownership of a Salesforce user’s session with a stolen session identifier

You can learn more about Salesforce Shield and once enabled, advance to the next steps with

If you have already onboarded your Salesforce org to Nightfall platform, please ensure you have the latest Nightfall DLP package deployed in your Salesforce org. Follow the steps mentioned in to upgrade it to the latest version.

You must perform the above actions only on those Salesforce orgs in which the Salesforce Shield Event monitoring module is enabled.

Installation Doc Links

The installation procedure remains the same as in case of Salesforce DLP for sensitive data. The links to the installation and upgradation documents are as follows.

Event Monitoring
Salesforce Shield
here
Installing Nightfall DLP for Salesforce
Upgrading Nightfall DLP
Installing Nightfall DLP for Salesforce
Upgrading Nightfall DLP for Salesforce