Historical Scanning
Learn how to trigger historical scans in Confluence
Create Scanning Policy
Navigate to the Historical Scans section in the top right sidebar of the Nightfall console view.
The first step for policy creation will be naming the policy. The example screenshot policy below is called ‘High risk sensitive data’.
The second step is to define the scope of the policy. The options for Scope are:
- Everything - will scan all Confluence pages and spaces
- Choose spaces - allows for specific Confluence spaces to be searched
- Choose pages - allows for specific Confluence pages to be searched
Next, we will apply the Detection Rule we created in the prior step to this Policy. This means the Policy will be evaluating content against this Detection Rule to determine if it meets the criteria for a Violation or not.
Once the detection rule has been applied, the next step in policy setup is the Findings Preview. Here, you can select how findings will be shown in the scan file, as well as to what extent the findings will be redacted.
The example configuration below has the ‘Include sensitive finding’ option, as ‘Partially redacted’. The example of this on the right shows that the sensitive finding is shown, but only the last 4 numbers are visible.
Allowing the ability to see a partially redacted version of the finding will allow you to review whether the violation is a false positive, or is a genuine violation of the intended detection rule.
Once this has been configured to your liking, you can save the policy with the option on the bottom of the screen.
Now that a Confluence policy has been set up, we can go ahead and kick off our first scan!
To start the scan process, please select the ‘+ New scan’ option on the top right of the screen:
The first step for scan creation is to choose which policy it should be associated with. These are the policies that were configured in the previous step. For this example, the ‘High risk sensitive data’ policy has been chosen.
On the next screen, select the time range desired for the scan. The two options for time range are:
- All history - will scan content from the beginning of Confluence account creation to now.
- Choose specific date range - Select the specific dates between which you would like to have the scan run for. We recommend specifying date ranges as all history scans can take time, depending on how much content lives in your Confluence instance.
Once the time range has been selected, you can kick off the scan using the ‘Start Scan’ option on the bottom right of the screen.
Depending on the time range of the scan, the duration of the scan will vary. Once the scan is completed, you will see it in the Confluence -> Historical Scans view.
The scan from this view will show a few important pieces of information:
- Total # of findings
- Total # of items
- Date range
Select the option on the right to download the scan locally and to view all findings. This will download a Excel spreadsheet with the results, which you can filter/sort/search/edit as you review results. These exported results will include the following information:
- Permalink, e.g.
https://nightfalltest.atlassian.net/wiki/spaces/SST/pages/1114439681/Developer+page - Item Name, e.g.
Developer page - Item ID, e.g.
1114 - Item Type, e.g.
page - Is Archived, e.g.
true - Date Created, e.g.
2021-06-09 17:47:14.345 +0000 UTC - Date Last Modified, e.g.
2021-06-09 17:50:28.844 +0000 UTC - Labels
- Space Name, e.g.
Sample Space - Space ID, e.g.
65538 - Parent Page Name, e.g.
Confluence Scan - Parent Page ID, e.g.
65539 - Author Name, e.g.
John Smith - Author Email, e.g.
[email protected] - Detector Triggered, e.g.
API Key - Total Number of Findings, e.g.
2 - Number of Very Likely Findings, e.g.
2 - Number of Likely Findings, e.g.
0 - Number of Possible Findings, e.g.
0 - Number of Unlikely Findings, e.g.
0 - Number of Very Unlikely Findings, e.g.
0 - Finding Preview, e.g.
{"Pre":"Okta API Key: "","Finding":"*-*-ML8D","Post":"”. Vivamus tempus l"}{"Pre":"GitHub access token: "","Finding":"**e7cb","Post":"". Proin vitae magna"}
These results can be exported externally, for example, into a shared folder on OneDrive, Google Drive, etc. These results can also be auto-populated into our analytics layer so you can build dashboards, sort, filter, visualize, search, and more.
To set up one of these exporting mechanisms, please reach out to your Customer Success Manager or Nightfall Support at [email protected].