Links

Reporting

Learn how you are now able to generate Reports directly from your Nightfall console Dashboard
Customers can now navigate directly to the Dashboard → Generate Reports to get access to four independent reports:
  1. 1.
    Policy violations report - Aggregation of violations along with distribution by confidence thresholds and status by the policy.
  2. 2.
    Highest risk users report - Aggregation of violations along with distribution by confidence thresholds and status by each user.
  3. 3.
    Total data scanned report - Summary of total data and items scanned per integration.
  4. 4.
    Sensitive data exposure report - Summary of policy violations with location (Slack channel, Shared drive etc) and sub-location (channel type etc) information.
These reports will allow you to get more access to detailed insights to identify users, cloud applications and locations within those applications with the highest risk, types of sensitive data sprawl, and the size of data scanned across applications.
We believe this will Improve the overall security hygiene by training repeat offenders and teams with security training. This will also address requirements for compliance audits such as PCI DSS, for example.

Integrations Supported

  • Supported - Slack, Google Drive, Confluence, Jira
  • Not supported - Developer platform, Salesforce and GitHub violations shall be added to reports in a future release.

Release Schedule

  • Closed beta - 20th July 2022
  • General availability - 1st week of August

Functional details

Time period for which you can generate reports
  • Last 7, 30, 90, 120, 180 days
Policy violations report
  • Policy name
  • Policy UUID - Unique identifier for each policy
  • Policy version - Unique version for each policy
  • Integration - Native integration name
  • Detection Rule
  • Detection Rule UUID - Unique identifier for each detection rule
  • Detectors
  • Count of
    • all violations
    • active violations
    • actioned violations
    • quarantined violations
    • archived violations
    • Reported - Ignored or marked as false positive
  • Count of
    • Likely
    • Very likely
    • Possible
  • Count of
    • Manual actions
    • Automated remediation actions
Sensitive data exposure report
  • Location - Slack channel name or DM, file name or link, Confluence space or Jira project
  • Sub-location - Shared drive name, channel type etc
  • Integration
  • Violated policies
  • Detection rules
  • Detectors
  • Count of
    • active violations
    • actioned violations
    • archived violations
  • Count of
    • Likely
    • Very likely
    • Possible
Highest risk user report
  • User Name - There shall be duplicate entries for each user in each integration. We do not aggregate by the same user across multiple integrations as of today.
  • Integration
  • Violated policies
  • Detection rules
  • Count of
    • all violations
    • active violations
    • actioned violations
    • quarantined violations
    • archived violations
    • reported violations - Ignored or marked as false positives
  • Count of
    • Likely
    • Very likely
    • Possible
Data scanned report
  • Data scanned (GB)
  • Count of Items scanned - Files in case of Google drive, Jira tickets in case of Jira, pages in case of Confluence, Message in case of Slack
  • Integration
Example usage can be seen below:
Select the Generate Reports option on the top right of your dashboard
Select the timeframe and report type that you would like
Once done, select 'Generate' and a confirmation message will appear.
If interested in the Reporting beta, or you have any questions, please reach out to your Customer Success Manager or to [email protected]