Advanced Settings

This stage allows you to select automated notification channels or actions if a policy violation occurs.

Admin Alerting

This section allows you to send notifications to Nightfall users. The various alert methods are as follows. You must first turn on the toggle switch to use an alert method.

The steps to configure alert channels for policy-level integration are the same as in the case of integration-level alerts. You can refer to the Configure Alerts at the Integration Level document.

Automated Actions

Automated actions allow you to configure automated remediation actions when an exfiltration attempt is detected by Nightfall policy. Nightfall supports the following automated actions for Salesforce. You can choose to implement the automated action immediately after detecting a download attempt or after some time.

To enable the automated action, you must turn on the respective toggle switch.

Freeze Salesforce User Account

This action logs out the user from the Salesforce account. They cannot login until a Salesforce admin revokes the freeze on the account.

You must now select when exactly after detecting the event, the action must be triggered. if you select the Immediately option, the automated action is triggered immediately after the download attempt is made.

If you select the After option, you must select the time gap after which the automated action must be implemented.

Revoke User Permissions

This action revokes the permissions of the user. The user can now only view data across al Salesforce pages. They cannot download any data. This action assigns the user Salesforce's minimum access profile. You can learn more about this profile from this Salesforce document.

You must now select when exactly after detecting the event, the action must be triggered. if you select the Immediately option, the automated action is triggered immediately after the download attempt is made.

If you select the After option, you must select the time gap after which the automated action must be implemented.

End-User Notification

This section allows you to configure notifications to be sent to the end user whose actions triggered the violation.

Custom Message

Enter a custom message to be sent to the end user. This message is sent in an Email. You can modify the default message provided by Nightfall and draft your message. The total character length allowed is 1000 characters. You can also add hyperlinks in the custom message. The syntax is <link | text >. For example, to hyperlink www.nightfall.ai with the text Nightfall website, you must write <www.nightfall.ai|Nightfall website>.

Automation

The automation settings allow you to send notifications to end users. You can select one or both the notification methods. You must first turn on the toggle switch to use the automation option. The automation notification channels are as follows

• Email: This option sends an Email to the user who attempted the download.

• Slack: This option sends a Slack message to the user who attempted the download.

End-User Remediation

End-user remediation (also known as Human Firewall) allows you to configure remediation measures that end users can take, when a violation is detected on by their download attempt. You must turn on the toggle switch to use this option. End-users receive the remediation actions in an Email as an action item. The various available remediation actions for end-users are as follows.

• Report as False Positive with Business Justification: This option allows end users to report false positive alerts and provide a business justification as to why the alert is considered to be false positive.

When end-users report alerts as false positive, you can choose the resolution method to be either Automatic or manual.

If end-users do not take any remediation action, you can set the frequency at which they must receive the notifications to take action.