# Trigger

The Trigger section in Salesforce policies allows you to define the frequency of action that must be  considered as an exfiltration event. In case of Salesforce policies, the download frequency is the trigger. 

The download frequency can be defined as the number of downloads over a period to time. This allows you to set custom thresholds in terms of number of downloads over a specific period of time and can be useful to identify anomalous download patterns for specific locations, users or content type.  This can be set in combination to other scoping capabilities. 

## Configuring Triggers

In the Actions section, you can define the download action that must be considered as a potential exfiltration attempt by Nightfall. Nightfall allows you to set the frequency of downloads as the action. 

To configure Actions:

1. Click the minimum number of files that must be the download threshold.

<figure><img src="/files/zsG5hPyv2m8aDxzh4wdq" alt=""><figcaption></figcaption></figure>

2. Set the time period within which the minimum no. of downloads must be considered as exfiltration event.

<figure><img src="/files/pKfEhkYvund4Fo5a79yf" alt=""><figcaption></figcaption></figure>

In the following case, an exfiltration event is created if, there are 2 or more downloads within a minute.

<figure><img src="/files/2ZkVR1iOCEjXXQjaZ5lR" alt=""><figcaption></figcaption></figure>

{% hint style="danger" %}
You must set the action frequency carefully. For example, consider that you set the action condition as **5 or more files**, **within 1 hour** as shown in the following image. In this case, if a user downloads four assets, every 1 hour, the policy does not trigger a violation, since the Action condition does not match. So, a user can keep downloading four files every hour and get away with it.&#x20;
{% endhint %}

<figure><img src="/files/KCqNkqS4j2NEN1l0vNUz" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.nightfall.ai/data-exfiltration-prevention/exfiltration_salesforce/policies/trigger.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.