Scope

The Scope section determines which areas of Nightfall needs to be monitored by Nightfall for Exfiltration. You can choose one or all of the following data types to be monitored.

  • Attachments & Files

  • Reports

  • Records & Objects

After you make the required selection, you can also add filters to monitor specific Salesforce users or Salesforce profiles.

If you have connected multiple Salesforce org, the scope page allows you to select one and only one Salesforce org for the policy.

Nightfall can detect download actions done only from the Salesforce lightning version. Any download action done on the Salesforce Classic version cannot be detected by Nightfall.

Data Types

In the Data Types section, you must select the Salesforce data types to be monitored. By default, all the three data types are selected. You can choose to either retain all the three data types or clear any of the data types.

It is mandatory to select at least one data type for monitoring.

Filters

The Filters section allows you to add additional filters, on top of the selected data types, to narrow down the monitoring scope. Nightfall provides the following two types of filters.

Internal Users

You can choose specific Salesforce users whose activities need to be monitored or excluded from being monitored. Nightfall populates the list of all your users from Salesforce. You need to select either the users whose activities need to be monitored or the users whose activities need to be excluded from monitoring.

To add Users filter, click Add Filter and select Internal Users.

To monitor specific users, select the Monitor specific option. To exclude specific users from being monitored, select the Monitor all, except option.

Nightfall populates the list of Salesforce users in the Search users field. You can select the all the required users.

Salesforce Profiles

You can choose specific Salesforce profiles whose activities need to be monitored or excluded from being monitored. Nightfall populates the list of all your Salesforce profiles. You need to select either the profiles whose activities need to be monitored or the profiles whose activities need to be excluded from monitoring.

To monitor specific Salesforce profiles, select the Monitor specific option. To exclude specific Salesforce profiles from being monitored, select the Monitor all, except option.

Nightfall populates the list of Salesforce profiles in the Search profiles field. You can select the all the required users.

Example Scenario

Contoso Ltd. uses Salesforce to host their applications. They have three users Steve, Rick, and Matt in their Salesforce org. These users are not Contoso employees. They are employees of Acme corp. which is a prospective customer of Contoso Ltd. Steve, Rick, and Matt are evaluating Constoso's app so that they can check if it meets Acme corp's requirements. Contoso has created a Salesforce profile called Prospective customers and added these three users to this profile

Contoso Ltd. uses Nightfall Salesforce exfiltration and wishes to check if any files with sensitive data is downloaded by any of these three users. They create a Salesforce exfiltration policy to monitor all the data types. They can choose one of the following filter.

  • They can use the Internal Users filter and add these three users.

  • They can select the Salesforce Profiles filter and add the Prospective customers profile to it. So, in future if any other prospective customers added, they are also automatically monitored.

PreviousIntegrationNextTrigger

Last updated