Learn how to configure end user notifications in Nightfall exfiltration policies.
This section allows you to configure notifications to be sent to the end user whose actions triggered the violation.
Enter a custom message to be sent to the end user. This message is sent in an Email or a Slack message. You can modify the default message provided by Nightfall and draft your own. The total character length allowed is 1000 characters. You can also add hyperlinks in the custom message. The syntax is <link | text >. For example, to hyperlink https://www.nightfall.ai with the text Nightfall website, you must write <https://www.nightfall.ai | Nightfall website>.
You can either select Email, Slack, or both as an automated notification method. You must turn the toggle switch to use this option. Based on the options selected, end-users receive notifications to their email or Slack if the latter is configured as an alert platform.
End-User Remediation (also known as Human Firewall) allows you to configure remediation measures that end-users can take when an exfiltration event is triggered due to their actions. You must turn on the toggle switch to use this option. When you configure end-user remediation, the user whose actions triggered the exfiltration event receivesa notification from Nightfall. This notification provides details of the user's actions that caused the exfiltration along with your custom message. End-users can take appropriate actions.
Nightfall supports the following remediation actions end-users.
Provide Business Justification: This option allows end-users to add a descriptive note on the file transfer or exfiltration event. Basically, users can provide a business justification giving you more context into the file transfer or a business justification. The user input is delivered directly to the console for review, saving you time and helping you assess the risk of the data transfer based on the additional user input.
The other options available to be configured in this section are:
When a Violation is Reported as False Positive (justified): You can use this option to set actions to be taken when input has been provided by the end-user. You can automatically ignore violations for which the user has provided input.
Remind Every (until Violation expires): You can use this option to adjust the frequency at which Nightfall should remind the user to provide context into their data transfer. You can choose to remind the end user every 24, 48, or 72 hours.