FAQs
All violations from Slack, Jira, Confluence, and Google Drive are displayed in the dashboard and the violations monitoring page. GitHub violations continue to be available on an independent page within the Nightfall console. Developer platform violations are not displayed within the Nightfall console as of today.
Violations monitoring within the Nightfall console provides an instantaneous, real-time view into violations across all integrations. All violations are expected to be displayed within the Nightfall console in approximately 3 seconds. We have load tested the performance with a total of 2 million violations with a mix of violations spread across large, medium and small sized customers.
All remediation actions supported within Slack alerts with each integration are also available within the violations monitoring page.
The dashboard and the violations monitoring page display data from the last 180 days. Violations from up to the last 30 days can be remediated via the console.
State | Description |
---|---|
Active | Any new violation that has never been remediated via Slack alerts or from the Nightfall console. At any point in time, security teams start looking at active alerts to triage and remediate data security risks. |
Quarantined | Any violation that was quarantined via the Slack alert or from the Nightfall console. All quarantined violations can be approved or rejected similar to how it is possible today on Slack alerts. |
Actioned | A violation is transitioned into the actioned state any time a remediation action is taken on an alert via Slack or the Nightfall console. |
Archived | Any violation that is up to 30 days old and that can no longer be remediated via the Nightfall console is displayed in the Archived state. |
Reported | All violations reported as false positives and the violations marked as ignored will be displayed in the Reported state. |
All | All violations that have been reported by Nightfall within the last 180 days. |
The columns and filters available are the same across each of the states. The following filters are available in the violations monitoring page:
- Time period - Last X days (7 to 190 days)
- Integration - Slack, Google Drive, Jira, Confluence
- Detector Name - Name of any detector configured within the system
- Likelihood - Possible, Likely, Very Likely
Column | Description |
---|---|
User | Name of the user as available from the respective native integration. |
Integration | Name of the native integration. |
Finding | Detector name along with the likelihood of the finding. |
When | Date and time when the violation was first detected. |
Violated policies | List of all policies that were violated. Each row is aggregated by policy. |
Status | Last action taken on the violation, along with the name of the Nightfall user (administrator) who took the action. |
The following metadata attributes are displayed for violations of each of the integrations:
- Slack - Channel name, channel type (public channel, private channel, or DM), link to message, and count of members in the channel or names of all users in the DM where the violation was found.
- Google Drive - File type, file size, file link, link settings/permissions setting, shared with (internal users), shared with (external users), viewers can download, file owner, created date, modified date, and file path.
- Jira - Ticket number, field, project name, project type, and event type.
- Confluence - Item name, item type, is archived, created date, modified date, labels, space name, parent page name, author name, and author email.
In addition to the integration specific metadata attributes, Nightfall displays the latest action taken on a violation along with the message or file snippets.
- Top level widget displays a count of all, active, and actioned violations.
- Trend of violations across native integrations over a specific time period.
- Distribution of violations by detectors. A maximum of 10 detectors are shown in this widget. All detectors beyond 10 are hidden behind a show X more badge.
- Distribution of violations by policies. A maximum of 5 policies with the most violations are displayed, after which violations across all other policies are grouped into an “Others” category.
- Highest risk users widget. A highest risk user is one who has the most violations within the applicable time period on each integration. For each highest risk user, Nightfall displays the user name, the count of all violations within the applicable time period, and the name of the integration within which the violations were found.
Clicking any of these widgets drills down into the violations monitoring page, with the list of violations pre-filtered according to the filters applied on the dashboard.
The violation is transitioned from the actioned tab to the reported tab. In a future release, all false positives will be labeled in our data pipeline and such tokens will not be reported as violations going forward.
Yes, manual remediation actions taken on Slack or email alerts for Slack, Jira, and Google Drive will update the status of the violation in the violations monitoring page as well. Whenever a manual remediation action is taken, active violations will be transitioned to the actioned tab. The last action taken attribute in the UI will also be updated with the user name and the timestamp when the manual remediation action was taken in Slack or email.
Remediation Action | Slack | Jira | Confluence | Google Drive |
---|---|---|---|---|
Notify via Slack | Users will be notified via Slack. | Users will be notified via Slack. | Users will be notified via Slack. | Users will be notified via Slack. |
Notify via Email | Users will be notified via email. | Users will be notified via email. | Users will be notified via email. | Users will be notified via email. |
Redact | Redaction is not supported on files. Redaction is ignored on messages that were either quarantined or no longer have any sensitive tokens. | Redaction is ignored if the sensitive token no longer exists. | N/A | N/A |
Delete | Deletion fails if the message was deleted earlier. | Deletion fails if the attachment no longer exists. | Deletion fails if the attachment no longer exists. | N/A |
Quarantine | Quarantine fails if the message was redacted earlier or edited such that it no longer has any sensitive tokens. | N/A | N/A | N/A |
Change link settings | N/A | N/A | N/A | Operation fails if the link setting has already been changed. |
Remove internal users | N/A | N/A | N/A | If the file is in a shared drive, Nightfall may not be able to remove all internal users as some may inherit permissions on the file. |
Remove external users | N/A | N/A | N/A | Operation fails if external users have already been removed. |
Ignore | | | | |
Report as False Positive | | | | |