Configuring Automated Actions

This stage allows you to select notification channels if a policy violation occurs. The advanced settings page consists of the following configurations.

Admin Alerting: This section describes the process of setting alerts for Nightfall administrators when a policy violation is detected.

Automated Actions: This section describes the automated actions that can be taken when a policy violation is detected.

End User Notification: This section describes the process of setting alerts for end users (a person whose action caused a violation) when a policy violation is detected.

Admin Alerting

This section allows you to send notifications to Nightfall users. The various alert methods are as follows. You must first turn on the toggle switch to use an alert method.

Slack Alert: Select a Slack channel to which the violation alerts must be sent. To configure this alert method, Slack must be enabled as an alert method. To learn more about configuring Slack as an alert channel, refer to this document.

Jira Alert: Select the Jira project and other parameters. A Jira ticket is created in the selected Jira project for each policy violation.

Email Alert: Enter the Email address of the recipient who needs to be notified about policy violations.

Webhook Alert: Configure the Webhook URL and headers.

When you configure alerts to a Webhook, Nightfall AI sends occasional test posts:

  • Before the policy is saved, to validate that the Webhook is properly configured.

  • Periodically thereafter, to ensure that the Webhook is still valid.

The response to a test Webhook is a 200 status code if successful.

An example of a test Webhook request is as follows.

{
  "service": "nightfall",
  "test": true,
  "timestamp": "2024-03-07T23:18:39Z"
}

This is part of alert event consumption and can be ignored.
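
The following receiver logic is an added example, not Nightfall code: it checks a secret header set in the Webhook headers, acknowledges the test request with 200 without raising an alert, and queues anything else. The header name, the secret, ALERT_QUEUE and the function name are assumptions made for illustration.

```python
import hmac
import json
from datetime import datetime

# Assumptions (hypothetical, not Nightfall-defined): the header name and secret
# are values you entered yourself in the Webhook Alert "headers" setting.
AUTH_HEADER = "X-Webhook-Secret"
SHARED_SECRET = "constructed-example-secret"
ALERT_QUEUE = []  # stands in for whatever consumes real alert events


def handle_webhook(headers, body):
    """Return (http_status, disposition) for one incoming POST body (bytes)."""
    # Authenticate the sender with the configured header, in constant time.
    supplied = {k.lower(): v for k, v in headers.items()}.get(AUTH_HEADER.lower(), "")
    if not hmac.compare_digest(supplied.encode(), SHARED_SECRET.encode()):
        return 401, "unauthorized"
    try:
        event = json.loads(body)
    except ValueError:  # also covers invalid UTF-8
        return 400, "bad-request"
    if not isinstance(event, dict):
        return 400, "bad-request"
    # Test post: "test" must be the JSON boolean true, not a truthy string.
    if event.get("service") == "nightfall" and event.get("test") is True:
        try:
            datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        except (KeyError, TypeError, ValueError):
            return 400, "bad-request"
        return 200, "test-ignored"  # acknowledge, do not raise an alert
    ALERT_QUEUE.append(event)  # alert schema is not shown here; keep it opaque
    return 200, "alert-queued"


# Constructed sample: the test request shown above.
SAMPLE_TEST_POST = b'{"service": "nightfall", "test": true, "timestamp": "2024-03-07T23:18:39Z"}'

if __name__ == "__main__":
    good = {"x-webhook-secret": SHARED_SECRET}
    print(handle_webhook(good, SAMPLE_TEST_POST))
    print(handle_webhook({}, SAMPLE_TEST_POST))
    print(handle_webhook(good, b'{"service": "nightfall", "test": "true"}'))
```

Returning 401 for posts without the secret means the validation post only succeeds when the header is configured on the Nightfall side as well.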

Automated Actions

This section describes the various actions that Nightfall takes automatically when a violation is detected. You must turn on the toggle switch to enable an action. All the automated actions are permanent and cannot be reversed once applied. You can also set the timeline as to when an action must be taken (immediately after detecting a violation or after some time).

The various automated actions are described as follows.

  • Delete: This action deletes any attachments or field data in Salesforce that contain sensitive information. You can turn on the toggle switch to enable this action. You must also select the timeline as to when this action must be taken after a policy violation is detected. You can either choose to take the action immediately after detecting a violation or after a few minutes, hours, or days.

How Delete Action Works for Files in Nightfall DLP for Salesforce

When you create a new Salesforce file it is considered to be the first version of the file. Every time you edit the file, Salesforce creates a new version of the file that has the latest changes. All the previous versions of the file are also stored by Salesforce.

When Nightfall detects sensitive data in a file, Nightfall overwrites the file and uploads a text file that contains a message on why your file was replaced by the text file. You can contact your Salesforce admin to provide you with the previous version of the file that contains sensitive data.

Nightfall does not delete the file containing sensitive data because the delete action will delete all the versions of the file.

The Delete action is not supported for the Salesforce Email object.

  • Redact: This action redacts all the sensitive information found in Salesforce that is monitored by this policy. You can turn on the toggle switch to enable this action. You must also select the timeline as to when this action must be taken after a policy violation is detected. You can either choose to take the action immediately after detecting a violation or after a few minutes, hours, or days.

The Redact action is not applicable to attachments and the Salesforce Email object.

End User Notification

This section allows you to configure notifications to be sent to the end user whose actions triggered the violation.

  • Custom Message: Enter a custom message to be sent to the end user. This message is sent in an Email. You can modify the default message provided by Nightfall and draft your message. The total character length allowed is 1000 characters. You can also add hyperlinks in the custom message. The syntax is <link | text >. For example, to hyperlink www.nightfall.ai with the text Nightfall website, you must write <www.nightfall.ai|Nightfall website>.

  • Automation: You can select Email, Slack, or both as the automated notification method. You must turn on the toggle switch to use this option. Based on the options selected, end users receive notifications in the Email account associated with Zendesk, or in the configured Slack account.

End User Remediation

End-User Remediation (also known as Human Firewall) allows you to configure remediation measures that end users can take when a violation is detected in their Salesforce orgs. You must turn on the toggle switch to use this option. The various available options are as follows.

  • Delete: This action deletes any attachments in Salesforce that contain sensitive information. To allow end-users to implement this action, you must disable it from the Automated Actions section. The Redact action is not available for the Email object.

  • Redact: This action redacts all the sensitive information found in Salesforce. To allow end-users to implement this action, you must disable it from the Automated Actions section. The Redact action is not available for the Email object and attachments.

  • Report as False Positive with Business Justification: This option allows end users to report false positive alerts and provide a business justification as to why the alert is considered to be false positive.

  • Report as False Positive: This option allows end users to report false positive alerts.

  • When a Violation is Reported as False Positive: You can use this option to set actions to be taken when a violation is reported as false positive by the end-user. You can either set the remediation to be automatic or manual.

  • Remind Every (until Violation expires): You can use this option to set a reminder for the end-user to take action on the violation. You can choose to remind the end user every 24, 48, or 72 hours.
