Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Turn off the Nightfall bot in secure private communications
If you are a Nightfall Enterprise for Slack customer, Nightfall can automatically scan your entire Slack organization - including all public channels, private channels, and direct messages (DMs) in your workspace. You can make these selections in your policy configuration.
If you are a Nightfall Pro customer, Nightfall is not able to scan within private channels or DMs unless the Nightfall Pro bot is invited into those channels.
On Nightfall Enterprise for Slack, you may wish to exclude detection and monitoring for specific channels and conversations:
With the new features in the Slack Enterprise offering, you can now do this easily.
Upon Slack Policy creation, select which Slack channels or conversations you would like to Exclude from monitoring:
Within your Slack policy, enter the conversation ID of the channels or conversation you would like to exclude
To find a channel's conversation ID, right click the channel in Slack and copy link. The Conversation ID is at the end of the link, after the last forward slash.
For any questions, please reach out to support@nightfall.ai and we will be happy to assist you.
Learn how to migrate from Slack Pro to Slack Enterprise edition
The upgrade from Nightfall Pro for Slack to Nightfall Enterprise for Slack will take approximately 30 minutes to complete. Nightfall will guide you through this process with the support of the Nightfall Customer Success, Product Management, and Engineering teams. The Slack Discovery API must be enabled on your Slack account in order to complete the upgrade.
The process will begin by having your Slack workspace owner uninstall the Nightfall Pro for Slack application from your Slack environment. This will remove the application from the Slack environment and also remove the Nightfall bot from all Slack channels it has joined (Nightfall will discontinue use of the custom auto-join script). The bot does not post any messages or notifications to a channel when it leaves - this will occur silently and without disruption to end-users. Lastly, the current Nightfall alerting channel will need to be deleted in your Slack environment. (NOTE: Please be sure to export all required audit data from this channel prior to deletion.)
Once the Nightfall Pro application has been uninstalled, the Nightfall admin console will prompt you to install the Slack Enterprise application. The two steps included are to:
Authorize the Nightfall application to use the Slack Discovery API
Install the Nightfall application into your Slack workspace.
Once installation is complete, the Nightfall application will automatically create three new private Slack channels (#nightfall-alerts-slack, #nightfall-content-slack, and #nightfall-quarantine-slack) in the chosen Slack workspace. The user that installed the Nightfall application will be the sole member of those private channels and will need to invite any additional required administrators to those channels (the recommended method for invitation is using the following command in each of the Slack channels "/invite @[user to invite]"). Alerts for violations in all workspaces will be generated and triaged in these Slack channels.
While the Nightfall Pro application scans files and messages at the channel level (requiring it to be invited manually or automatically into any channel that customer would like to monitor), the Nightfall Enterprise application leverages the Slack Discovery API for detection and classification. This allows the Enterprise application to operate without invitation to individual channels or exposure to end users. The Nightfall bot will not join any individual channels or post any notifications or messages to channels notifying the end-user about monitoring, unlike Nightfall Pro (this includes newly created channels as well).
Rather than segmenting channels by choosing which channels to invite the bot to, with the Enterprise application, you’ll segment channels by selecting channel types and workspaces to monitor in the Nightfall admin console (options for individual channel whitelisting are managed here as well).
With the upgrade to Nightfall Enterprise, you’ll now have the ability to inspect findings via quarantine functionality and the #nightfall-content-slack channel. When an alert is generated in #nightfall-alerts-slack, a third option ("Quarantine") will now be available (in addition to the existing "Approve" and "Delete" options).
Quarantining a sensitive item will result in the original message/file being removed from its context and replaced with a tombstone message, visible to the sender and any other members of the channel.
For a full list of features & differences between Nightfall Pro and Enterprise, please review our comparison chart here.
One feature in the old product that is not yet supported in the new product, but is coming soon, is the Analytics Dashboard. This includes the ‘Download as CSV’ feature.
However, Nightfall will still send you Weekly Analytics Summary emails. Additionally, any analytics data needed can be manually compiled for you as needed. For ad-hoc analytics data requests, please contact your Customer Success Manager.
For the initial authentication to Slack, a machine/service account user is recommended but not required - if the person who installs the app leaves the company, you will be prompted to reinstall the next time that you log in to the dashboard.
If you have any questions, please reach out to your Customer Success Manager or to support@nightfall.ai.
Learn why you might not be able to view sensitive messages or files in Nightfall alert channel.
If you are a Nightfall Enterprise for Slack customer, you will receive alerts on sensitive data found in public channels, private channels, and direct messages. If you are a Nightfall Pro customer, you will receive alerts on sensitive data found in parts of the workspace that the Nightfall bot is a member of, typically public channels and perhaps select private ones.
If the sensitive content is in a public channel, the link in the Nightfall alert channel (#nightfall-alerts-slack by default) will take you to that content in Slack. If the content is in a private channel or DM, and you are not a member of that private channel or DM, you will be unable to directly view the sensitive message from the link in the Nightfall alert channel because your Slack permissions do not allow you to view this content. Attempting to follow the alert channel’s “Go to message” link may redirect you to a page like the one below:
To view this content on Nightfall Enterprise for Slack, we suggest quarantining it. Once quarantined, you will be able to view the message or file in question by visiting the #nightfall-content-slack or #nightfall-quarantine-slack channels. Note that the original content will be temporarily replaced with a tombstone message, while it is in a quarantined state.
If you still cannot access the sensitive message or file, please contact support@nightfall.ai for assistance.
To view this content on Nightfall Pro for Slack, you would need to be invited into the private channel or group that contains the sensitive data or consult with a user who has the ability to access those parts of the workspace.
Redacting Sensitive Messages in Slack
In the Slack integration, you are able to use redaction as a remediation action for messages. Similarly to how you can notify, quarantine, or delete messages, you can also choose to redact the sensitive info out of messages, so that only the first two characters of the sensitive token are shown, and the rest of the message is then shown as a set of *** characters. (Note: Redaction is only available for messages, and cannot be used for images/files shared in Slack) This is available in the Slack Enterprise integration. Please find some screenshots below, for what this workflow may look like.
A potential sensitive message is posted in a channel that is being monitored by a Nightfall Slack policy:
2. The Nightfall Alert is Generated:
3. Once the 'Redact message' option is chosen:
4. Once you confirm you would like to redact the message:
You can now see the redacted message in the original message location, as well as a small message that notifies the user their message has been redacted as it may contain sensitive information.
In the Slack Policy itself, it will be shown in the list of Automated actions, along with the other remediation actions as well:
Please find links to our FAQs for Slack in the subpages of this section.
Compatible Slack Plan
Nightfall Pro
Nightfall Enterprise
Slack Free
Slack Standard
Slack Plus
Slack Enterprise
Coverage
Scan public channels
Scan private channels
* Selectively, if admin can invite the bot
Scan direct messages (one-to-one and groups)
Scan public shared/Slack Connect channels
Scan private shared/Slack Connect channels
* Selectively, if admin can invite the bot
Scan shared/Slack Connect direct messages
Scan multiple workspaces
Scan all or select workspaces
Scan specific content types and channel types
Exclude specific channels
Compliance & Interoperability
Scan all historical data in Slack
Webhooks Supported as Alerting Options
Email Addresses Supported as Alerting Options
Support & Training
Dedicated customer success manager
Email, live chat, help center
Orchestration & Remediation
Nightfall Pro
Nightfall Enterprise
Manual & automated end-user notification
Manual & automated deletion
Manual & automated quarantine
Manual & automated message redaction
Weekly analytics email digest
Detection
Detection engine with detector customization
Out of the box machine learning detectors
Custom regular expression support
Latency
Seconds
Seconds
Configuration
Must be installed by
Workspace Owner
Org Owner
Number of dashboard seats
Unlimited
Unlimited
MFA & SSO support
Learn how to customize the alert messages sent in Slack alerts
You have the ability to customize notifications sent as part of Slack alerts. Previously, Slack alerts carried the same template notification, which can be seen below:
You can edit the template now. This can be done as follows.
Navigate to the Slack integration.
Scroll down to the Customize end-user notifications sections.
Edit the message as required.
Click Save changes.
To include hyperlinks in your message to end users, you must enclose the URL in <>. If you do not enclose the URL in <>, the URL is treated as plain text. So, to publish the URL www.nightfall.ai, you must draft it as follows.
<www.nightfall.ai>
Furthermore, to replace the URL with some other text, you must use the following syntax.
<{link}|{hyperlinked text}>
So, to display www.nightfall.ai as the Nightfall Home page, you must draft the message as follows.
<www.nightfall.ai | Nightfall Home page>
Understand why Channel Management Restrictions in your Slack Workspace settings may be causing Slack 400 error.
If you see the following error on a white page, during Slack installation, this is because of a restriction in your Slack workspace of who can create private channels:
{"status":400,"detail":"failed to create notification channel: restricted_action"}
Please follow the instructions below to remedy this issue: 1. Open your Slack Workspace settings 2. Go to the Permissions tab
3. Expand the option for Channel Management 4. For the setting "People who can create Private channels", please set to the default option "Everyone, plus Multi-Channel Guests (default)"
Nightfall Pro for Slack is able to scan across all public channels in your workspace. By default, the bot is only in any channels that you invite it into. Nightfall can invite the bot to all public channels, including any new ones, upon request - please email to enable auto-joining for all public channels on Nightfall Pro.
Nightfall Enterprise for Slack is able to scan all public and private channel types, including direct messages.
In addition, Nightfall scans for sensitive information in Slack channels shared with other workspaces, aka shared channels. Nightfall is able to scan all shared channels on Nightfall Enterprise - you are able to able to choose which to scan, within the policy configuration. For Nightfall Pro, Nightfall can only scan shared channels in which the bot has joined.
Customers will receive alerts and can set up automated actions for sensitive information shared by all parties in shared Slack channels. However, Nightfall is unable to delete content posted by members of workspaces that are not covered by Nightfall because this content is “owned” by the organization you are sharing the channel with.
Learn the process of reinstalling Slack pro edition.
You must reinstall Slack to get the latest Slack integration features released by Nightfall. This document explains the process to reinstall the Slack app.
In the Slack application, click Nightfall Pro under the Apps section.
Click on Nightfall Pro on the top.
Click Configuration.
Ensure that a new browser window opened up and the Configuration tab is selected.
Scroll down and click Remove app.
A confirmation pop-up window is displayed. Click Remove app again to confirm the uninstallation of the Slack app.
Login to the Nightfall application.
Click Integrations.
Click Manage for the Slack integration.
Click Begin Setup.
Click Allow.
Follow the on screen instruction and complete the setup.
Yes
No
Yes
No
Yes
No
No
Yes (requires Discovery API)
Yes
Yes
Yes
No
Yes
Yes
Yes
Yes
No
Yes
No
Yes
No
Yes
Yes
Yes
No
Yes
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
Yes
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
5. Please navigate back to the Nightfall console to complete the Slack installation. The Slack bot will now have the proper permissions required to complete the installation, as well as the private channel creation. 6. Once the installation and channel creation is complete, please feel free to revert the permissions setting back to its previous, restricted option. For reference, you can also visit in the Slack help center, which explains how to reach this setting and the associated instructions as well.
Learn what happens when both, end-user and admin apply action on sensitive data.
When an end-user sends a message in Slack that has sensitive data, a violation is generated on the Nightfall Violations page. If the end-user edits the message, and removes the sensitive data, and a Nightfall admin (who is unaware that the end-user has edited the message), applies either the Redact, Delete, or the Quarantine action from the Nightfall Violations page or from the message received in any of the admin notification channels, the status of the Violation changes to either Redacted, Deleted, or Quarantined based on the action applied by the Nightfall admin. The violation log also records this action as <<action name> by <<user name>> - time.
The edit performed by the end-user has no impact.
However, once the deduplication feature is extended to the Slack integration, any action performed by any user, automatically changes the status of the violation accordingly.
Even after applying the actions, the Slack message history displays the redacted, deleted, and quarantined messages. This is a Slack limitation.
The Redact and the Quarantine actions are available only in the Slack enterprise edition.
Learn the process of reinstalling Slack enterprise edition.
You must reinstall Slack to get the latest Slack integration features released by Nightfall. This document explains the process to reinstall the Slack app.
In the Slack application, click Nightfall Enterprise DLP for Slack under the Apps section.
Click on Nightfall Enterprise DLP for Slack on the top.
Click Configuration.
Ensure that a new browser window opened up and the Configuration tab is selected.
Scroll down and click Remove app.
A confirmation pop-up window is displayed. Click Remove app again to confirm the uninstallation of the Slack app.
Login to the Nightfall application.
Click Integrations.
Click Manage for the Slack integration.
Click Begin Setup.
A confirmation window opens. Scroll down and click Allow.
Follow the on screen instruction and complete the setup.