Nightfall Documentation
  • Data Detection and Response
  • Posture Management
  • Data Exfiltration Prevention
  • Data Encryption
  • Firewall for AI
  • Data Classification and Discovery
  • Nightfall Exfiltration
  • What is Data Exfiltration
  • Nightfall Detection Platform
    • Nightfall Detection Platform
  • Exfiltration Prevention for Google Drive
    • Installing Nightfall for Google Drive
    • Configuring Integration Alerts
    • Configuring Google Drive Policies
      • Google Drive App Selection
      • Scope
      • Trigger
      • Automated Actions
      • Creating Policy
    • Remediation for Google Drive Exfiltration
  • Exfiltration Prevention for Endpoint
    • Endpoint Exfiltration Prevention
    • Install Nightfall AI Agent for MAC OS
      • Manual Installation
      • Nightfall Agent Deployment with Kandji MDM
      • Nightfall Agent Deployment with Rippling MDM
      • Nightfall Agent Deployment with JAMF MDM
    • Install Nightfall AI Agent for Windows OS
      • Manual Installation
      • Nightfall Windows Agent Deployment: Rippling MDM
      • Nightfall Windows Agent Deployment: Generic MSI Deployment
    • Configuring Integration Alerts
    • Configuring Policies
      • MAC/Windows App Selection
      • Scope
      • Trigger
      • Advanced Settings
        • Admin Alerting
        • Automated Actions
        • End-User Notifications
      • Creating Policy
      • Remediation for MAC OS Policies
      • FAQs
      • Remediation for Windows OS Policies
  • Exfiltration Prevention for Salesforce
    • Nightfall Exfiltration for Salesforce
    • Installing Nightfall Exfiltration for Salesforce
    • Upgrading Nightfall DLP
    • Configuring Integration Alerts
    • Configuring Salesforce Exfiltration Policies
      • Salesforce App Selection
      • Scope
      • Trigger
      • Advanced Settings
      • Creating Policy
      • Remediation for Salesforce Exfiltration
Powered by GitBook
On this page
  • Data Types
  • Filters
  • Internal Users
  • Salesforce Profiles
  • Example Scenario

Was this helpful?

Export as PDF
  1. Exfiltration Prevention for Salesforce
  2. Configuring Salesforce Exfiltration Policies

Scope

PreviousSalesforce App SelectionNextTrigger

Last updated 8 months ago

Was this helpful?

The Scope section determines which areas of Nightfall needs to be monitored by Nightfall for Exfiltration. You can choose one or all of the following data types to be monitored.

  • Attachments & Files

  • Reports

  • Records & Objects

After you make the required selection, you can also add filters to monitor specific Salesforce users or Salesforce profiles.

If you have connected multiple Salesforce org, the scope page allows you to select one and only one Salesforce org for the policy.

Nightfall can detect download actions done only from the Salesforce lightning version. Any download action done on the Salesforce Classic version cannot be detected by Nightfall.

Data Types

In the Data Types section, you must select the Salesforce data types to be monitored. By default, all the three data types are selected. You can choose to either retain all the three data types or clear any of the data types.

It is mandatory to select at least one data type for monitoring.

Filters

The Filters section allows you to add additional filters, on top of the selected data types, to narrow down the monitoring scope. Nightfall provides the following two types of filters.

Internal Users

You can choose specific Salesforce users whose activities need to be monitored or excluded from being monitored. Nightfall populates the list of all your users from Salesforce. You need to select either the users whose activities need to be monitored or the users whose activities need to be excluded from monitoring.

To add Users filter, click Add Filter and select Internal Users.

To monitor specific users, select the Monitor specific option. To exclude specific users from being monitored, select the Monitor all, except option.

Nightfall populates the list of Salesforce users in the Search users field. You can select the all the required users.

Salesforce Profiles

You can choose specific Salesforce profiles whose activities need to be monitored or excluded from being monitored. Nightfall populates the list of all your Salesforce profiles. You need to select either the profiles whose activities need to be monitored or the profiles whose activities need to be excluded from monitoring.

To monitor specific Salesforce profiles, select the Monitor specific option. To exclude specific Salesforce profiles from being monitored, select the Monitor all, except option.

Nightfall populates the list of Salesforce profiles in the Search profiles field. You can select the all the required users.

Example Scenario

Contoso Ltd. uses Salesforce to host their applications. They have three users Steve, Rick, and Matt in their Salesforce org. These users are not Contoso employees. They are employees of Acme corp. which is a prospective customer of Contoso Ltd. Steve, Rick, and Matt are evaluating Constoso's app so that they can check if it meets Acme corp's requirements. Contoso has created a Salesforce profile called Prospective customers and added these three users to this profile

Contoso Ltd. uses Nightfall Salesforce exfiltration and wishes to check if any files with sensitive data is downloaded by any of these three users. They create a Salesforce exfiltration policy to monitor all the data types. They can choose one of the following filter.

  • They can use the Internal Users filter and add these three users.

  • They can select the Salesforce Profiles filter and add the Prospective customers profile to it. So, in future if any other prospective customers added, they are also automatically monitored.