The Nightfall Detection Engine empowers you with the freedom and flexibility to define a DLP detection rule that works for your organization's particular use case. The Detection Engine allows you to craft custom Detection Rules specific to your requirements. Each Detection Rule consists of any number of individual data-type detectors which may be provided pre-built by Nightfall or created as a regular expression of your own devising.
You can define specific triggering conditions for each Detector including a minimum confidence threshold and minimum number of findings per message or file. You can also add customized context-based rules to affect the confidence rating of a detection. These context rules can increase the likelihood of a detection based on a specific pattern found within a chosen range of characters from the detected token. You can also set Exclusion Rules to ignore findings if chosen patterns are found nearby.
Once created, a Detection Rule can be imported for use in any of your Nightfall integrations, or referenced by UUID in requests to the Nightfall API.
Creating your first detection rule:
You can begin by clicking "New Detection Rule" in the upper right hand corner.
You may now add up to 50 detectors to your detection rule.
Use the "Search" input to filter Detectors. You may also narrow the results to those built by nightfall or your own custom Detectors using the left hand panel of the Choose Detector modal window. Click the checkbox next to the Detector name to select to add it to the Detection Rule.
Hit the Add button in the lower right hand corner when you are done adding Detectors.
In this example, we have selected US Social Security Number, Credit Card Number, and API Key.
Now that your detectors are set, choose a minimum confidence level and a minimum number of findings for each Detector.
Save your Detection Rule in the lower lefthand corner once you are done.
Now that your Detection Rule is saved, you are ready to import it for use with any of our native integrations by selecting it in the dropdown list for that integration.
As a next step, you can further customize your Detection Rules by creating customer detectors. Custom detectors can add context and exclusion rules on top of pre-built Nightfall detectors, or can be built off your own custom regular expressions. Be aware that you may not have two detectors based off of the same Nightfall data type within the same detection rule.
To see how to create Detection Rules for many integrations, please see the tutorial below: