Nightfall Documentation
  • Data Detection and Response
  • Posture Management
  • Data Exfiltration Prevention
  • Data Encryption
  • Firewall for AI
  • Data Classification and Discovery
  • Nightfall Exfiltration
  • What is Data Exfiltration
  • Nightfall Detection Platform
    • Nightfall Detection Platform
  • Exfiltration Prevention for Google Drive
    • Installing Nightfall for Google Drive
    • Configuring Integration Alerts
    • Configuring Google Drive Policies
      • Google Drive App Selection
      • Scope
      • Trigger
      • Automated Actions
      • Creating Policy
    • Remediation for Google Drive Exfiltration
  • Exfiltration Prevention for Endpoint
    • Endpoint Exfiltration Prevention
    • Install Nightfall AI Agent for MAC OS
      • Manual Installation
      • Nightfall Agent Deployment with Kandji MDM
      • Nightfall Agent Deployment with Rippling MDM
      • Nightfall Agent Deployment with JAMF MDM
    • Install Nightfall AI Agent for Windows OS
      • Manual Installation
      • Nightfall Windows Agent Deployment: Rippling MDM
      • Nightfall Windows Agent Deployment: Generic MSI Deployment
    • Configuring Integration Alerts
    • Configuring Policies
      • MAC/Windows App Selection
      • Scope
      • Trigger
      • Advanced Settings
        • Admin Alerting
        • Automated Actions
        • End-User Notifications
      • Creating Policy
      • Remediation for MAC OS Policies
      • FAQs
      • Remediation for Windows OS Policies
  • Exfiltration Prevention for Salesforce
    • Nightfall Exfiltration for Salesforce
    • Installing Nightfall Exfiltration for Salesforce
    • Upgrading Nightfall DLP
    • Configuring Integration Alerts
    • Configuring Salesforce Exfiltration Policies
      • Salesforce App Selection
      • Scope
      • Trigger
      • Advanced Settings
      • Creating Policy
      • Remediation for Salesforce Exfiltration
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Exfiltration Prevention for Salesforce
  2. Configuring Salesforce Exfiltration Policies

Trigger

PreviousScopeNextAdvanced Settings

Last updated 9 months ago

Was this helpful?

The Trigger section in Salesforce policies allows you to define the frequency of action that must be considered as an exfiltration event. In case of Salesforce policies, the download frequency is the trigger.

The download frequency can be defined as the number of downloads over a period to time. This allows you to set custom thresholds in terms of number of downloads over a specific period of time and can be useful to identify anomalous download patterns for specific locations, users or content type. This can be set in combination to other scoping capabilities.

Configuring Triggers

In the Actions section, you can define the download action that must be considered as a potential exfiltration attempt by Nightfall. Nightfall allows you to set the frequency of downloads as the action.

To configure Actions:

  1. Click the minimum number of files that must be the download threshold.

  1. Set the time period within which the minimum no. of downloads must be considered as exfiltration event.

In the following case, an exfiltration event is created if, there are 2 or more downloads within a minute.

You must set the action frequency carefully. For example, consider that you set the action condition as 5 or more files, within 1 hour as shown in the following image. In this case, if a user downloads four assets, every 1 hour, the policy does not trigger a violation, since the Action condition does not match. So, a user can keep downloading four files every hour and get away with it.