Historical Scan Detection Rules

Some Nightfall integrations (e.g. Nightfall DLP for Google Drive) offer options for both historical and real-time scanning. Some organizations wish to minimize the amount of real-time alerts they receive daily but still want to maintain a comprehensive data scanning and protection strategy.

One option is to create Detection Rules for real-time scans that are limited to the types of sensitive information that are most critical or highest risk to your organization. Then, leverage broader historical scans to capture less critical risks on a routine cadence, when your team can plan resourcing in advance (e.g. monthly or quarterly).

Running Historical Scans

Nightfall can fully manage historical scan executions on your behalf to scan data in your SaaS applications. Due to the sheer volume of content that can amass in cloud apps over time, historical scans can be very resource-intensive and may take days or more to process. As such, we advise against running broad historical scans all at once.

Instead, we recommend that you prioritize certain detectors based on your organization’s definition of critical violations and limit the scan to a specific date range (e.g. one month at a time). Then, you can request the Nightfall team (support@nightfall.ai or contact your customer success representative) to run a historical scan on a SaaS application of interest.

Upon completion of the historical scan, Nightfall will share a risk assessment report with an overview of the highest severity findings, highest risk files or resources, users with the most number of violations, the total amount of data scanned, and more.

Last updated