All violations from Slack, Jira, Confluence, and Google Drive are displayed on the dashboard and the violations monitoring page. GitHub violations continue to be available on a separate page within the Nightfall console. Developer platform violations are not displayed within the Nightfall console as of today.
Violations monitoring within the Nightfall console provides an instantaneous, real-time view into violations across all integrations. All violations are expected to be displayed within the Nightfall console in approximately 3 seconds. We have load tested the performance with a total of 2 million violations, spread across large, medium, and small customers.
All remediation actions supported in Slack alerts for each integration are also available within the violations monitoring page.
The dashboard and the violations monitoring page display data from the last 180 days. Violations from up to the last 30 days can be remediated via the console.
The columns and filters available are the same across each of the states. The following filters are available in the violations monitoring page:
- Time period - Last X days (7 to 190 days)
- Integration - Slack, Google Drive, Jira, Confluence
- Detector Name - Name of any detector configured within the system
- Likelihood - Possible, Likely, Very Likely
The following metadata attributes are displayed for violations of each of the integrations:
- Slack - Channel name, channel type (public channel, private channel, or DM), link to message, and count of members in the channel or names of all users in the DM where the violation was found.
- Google Drive - File type, file size, file link, link settings/permissions setting, shared with (internal users), shared with (external users), viewers can download, file owner, created date, modified date, and file path.
- Jira - Ticket number, field, project name, project type, and event type.
- Confluence - Item name, item type, is archived, created date, modified date, labels, space name, parent page name, author name, and author email.
In addition to the integration specific metadata attributes, Nightfall displays the latest action taken on a violation along with the message or file snippets.
- Top level widget displays a count of all, active, and actioned violations.
- Trend of violations across native integrations over a specific time period.
- Distribution of violations by detectors. A maximum of 10 detectors are shown in this widget. All detectors beyond 10 are hidden behind a "show X more" badge.
- Distribution of violations by policies. A maximum of 5 policies with the most violations are displayed, after which violations across all other policies are grouped into an “Others” category.
- Highest risk users widget. A highest risk user is one who has the highest number of violations within the applicable time period on each integration. For each highest risk user, Nightfall displays the user name, the count of all violations within the applicable time period, and the name of the integration in which the violations were found.
Clicking any of these widgets drills down into the violations monitoring page, showing a list of violations pre-filtered by the filters applied on the dashboard.
The violation is transitioned from the actioned tab to the reported tab. In a future release, all false positives will be labeled in our data pipeline and such tokens will not be reported as violations going forward.
Yes, manual remediation actions taken on Slack or email alerts for Slack, Jira, and Google Drive will update the status of the violation in the violations monitoring page as well. Whenever a manual remediation action is taken, active violations are transitioned to the actioned tab. The last action taken attribute in the UI is also updated with the user name and the timestamp at which the manual remediation action was taken in Slack or email.