Getting Started

Use these steps to get started with Nightfall for Confluence.

To install the Nightfall App for Confluence, please follow the steps outlined below.

Step 1. Authenticate

Nightfall installs into your Confluence account as an Atlassian Connect app. So, the installation is completed in the Confluence UI.

First, enable Developer Mode via Atlassian's instructions here.

Upon refresh, you'll see the option to Upload app - click this link.

Next, input Nightfall's app descriptor URL: https://api.new.watchtower.ai/callback/confluence/v1/connect-app-config

Please reach out to your Nightfall Customer Success Manager or Support at [email protected] once you have reached this point - we will then validate the configuration from our side so you can complete the remaining steps to run your first scan.

Step 2. Create Detection Rule

First, we will configure the Detection Rule that defines the types of sensitive data we are looking for in Confluence. A detection rule is Nightfall's grouping of detectors, each with a minimum confidence level and a minimum finding count, that determines whether a violation (finding) is recorded.

To learn more about Detection Rules and how to set them up, please refer to this article.

In the left sidebar, click "Detection Rules".

We strongly recommend configuring a simple detection rule to start as follows:

Detector                    Minimum Confidence    Minimum Count
Credit Card Number          Likely                1
US Social Security Number   Likely                1
API Key                     Likely                1

Now that our Detection Rule has been created, we will create our Confluence policy that will use this Detection Rule.

Step 3. Create Policy

Navigate to the Policies option, under the Confluence option on the left sidebar of the Nightfall console view.

To create your first policy, please select the ‘+ New Policy’ option:

The first step for policy creation will be naming the policy. The example screenshot policy below is called ‘High risk sensitive data’.

Define Policy Scope

The second step is to define the scope of the policy. The options for Scope are:

  • Everything - will scan all Confluence pages and spaces

  • Choose spaces - allows for specific Confluence spaces to be searched

  • Choose pages - allows for specific Confluence pages to be searched

Apply Detection Rule

Next, we will apply the Detection Rule we created in the prior step to this Policy. This means the Policy will be evaluating content against this Detection Rule to determine if it meets the criteria for a Violation or not.

Set Results Preferences

Once the detection rule has been applied, the next step in policy setup is the Findings Preview. Here, you can select how findings will be shown in the scan file, as well as to what extent the findings will be redacted.

The example configuration below sets the ‘Include sensitive finding’ option to ‘Partially redacted’. The example on the right shows that the sensitive finding is included, but only its last 4 digits are visible.

Seeing a partially redacted version of the finding lets you judge whether the violation is a false positive or a genuine match for the intended detection rule.

Once this has been configured to your liking, you can save the policy with the option on the bottom of the screen.

Step 4. Kick-Off Your Scan

Now that a Confluence policy has been set up, we can go ahead and kick off our first scan!

Please navigate to the Scans option, underneath the Confluence option on the left sidebar of the Nightfall console.

To start the scan process, please select the ‘+ New scan’ option on the top right of the screen:

The first step for scan creation is to choose which policy it should be associated with. These are the policies that were configured in the previous step. For this example, the ‘High risk sensitive data’ policy has been chosen.

On the next screen, select the time range desired for the scan. The two options for time range are:

  • All history - will scan content from the beginning of Confluence account creation to now.

  • Choose specific date range - Select the specific dates between which content should be scanned. We recommend specifying date ranges, as all-history scans can take time depending on how much content lives in your Confluence instance.

Once the time range has been selected, you can kick off the scan using the ‘Start Scan’ option on the bottom right of the screen.

Step 5. Accessing Results

Scan duration varies with the time range selected. Once the scan is completed, you will see it in the Confluence -> Scans view.

The scan from this view will show a few important pieces of information:

  • Total # of findings

  • Total # of items

  • Date range

Select the option on the right to download the scan locally and view all findings. This downloads an Excel spreadsheet with the results, which you can filter, sort, search and edit as you review them. The exported results include the following columns:

  • Permalink, e.g. https://nightfalltest.atlassian.net/wiki/spaces/SST/pages/1114439681/Developer+page

  • Item Name, e.g. Developer page

  • Item ID, e.g. 1114

  • Item Type, e.g. page

  • Is Archived, e.g. true

  • Date Created, e.g. 2021-06-09 17:47:14.345 +0000 UTC

  • Date Last Modified, e.g. 2021-06-09 17:50:28.844 +0000 UTC

  • Labels

  • Space Name, e.g. Sample Space

  • Space ID, e.g. 65538

  • Parent Page Name, e.g. Confluence Scan

  • Parent Page ID, e.g. 65539

  • Author Name, e.g. John Smith

  • Author Email, e.g. [email protected]

  • Detector Triggered, e.g. API Key

  • Total Number of Findings, e.g. 2

  • Number of Very Likely Findings, e.g. 2

  • Number of Likely Findings, e.g. 0

  • Number of Possible Findings, e.g. 0

  • Number of Unlikely Findings, e.g. 0

  • Number of Very Unlikely Findings, e.g. 0

  • Finding Preview, e.g. {"Pre":"Okta API Key: "","Finding":"*-*-ML8D","Post":"”. Vivamus tempus l"}{"Pre":"GitHub access token: "","Finding":"**e7cb","Post":"". Proin vitae magna"}

These results can be exported externally, for example, into a shared folder on OneDrive, Google Drive, etc. These results can also be auto-populated into our analytics layer so you can build dashboards, sort, filter, visualize, search, and more. To set up one of these exporting mechanisms, please reach out to your Customer Success Manager or Nightfall Support at [email protected].
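To show how the starter Detection Rule from Step 2 and the exported columns from Step 5 fit together during review, here is an added Python example; it is not Nightfall's code. It assumes the Excel export has been saved as CSV with the column headers listed above, and the three sample rows are constructed. The Finding Preview column is decoded the way the example cell above suggests (JSON objects concatenated with no separator), and the per-confidence count columns are re-checked against the rule's minimum confidence and minimum count so you can separate rows that meet the rule from rows that fall below it.

```python
"""Triage helper for a Nightfall Confluence scan export (added example, not
Nightfall's code). Assumes the export sheet was saved as CSV with the
column headers documented above; the sample rows are constructed."""
import csv
import io
import json
from typing import Dict, List

# Confidence levels in ascending order, matching the export's count columns.
CONFIDENCE_LEVELS = ["Very Unlikely", "Unlikely", "Possible", "Likely", "Very Likely"]

# Export column holding the number of findings at each confidence level.
COUNT_COLUMNS = {
    "Very Unlikely": "Number of Very Unlikely Findings",
    "Unlikely": "Number of Unlikely Findings",
    "Possible": "Number of Possible Findings",
    "Likely": "Number of Likely Findings",
    "Very Likely": "Number of Very Likely Findings",
}

# The starter detection rule recommended in Step 2:
# detector -> (minimum confidence, minimum count).
STARTER_RULE = {
    "Credit Card Number": ("Likely", 1),
    "US Social Security Number": ("Likely", 1),
    "API Key": ("Likely", 1),
}


def qualifying_count(row: Dict[str, str], min_confidence: str) -> int:
    """Sum the per-confidence counts at or above min_confidence."""
    start = CONFIDENCE_LEVELS.index(min_confidence)
    return sum(int(row[COUNT_COLUMNS[level]] or 0) for level in CONFIDENCE_LEVELS[start:])


def is_violation(row: Dict[str, str], rule=STARTER_RULE) -> bool:
    """True when the row's detector is in the rule and both thresholds are met."""
    detector = row["Detector Triggered"]
    if detector not in rule:
        return False
    min_confidence, min_count = rule[detector]
    return qualifying_count(row, min_confidence) >= min_count


def parse_finding_preview(blob: str) -> List[Dict[str, str]]:
    """Decode a Finding Preview cell: JSON objects back to back ({...}{...})
    with no separator, returned as a list of dicts with Pre/Finding/Post."""
    decoder = json.JSONDecoder()
    previews, pos, blob = [], 0, blob.strip()
    while pos < len(blob):
        obj, pos = decoder.raw_decode(blob, pos)
        previews.append(obj)
        while pos < len(blob) and blob[pos].isspace():
            pos += 1
    return previews


def triage(export_csv: str, rule=STARTER_RULE):
    """Split export rows into (violations, below_threshold); each entry is
    (item name, detector, list of decoded previews)."""
    violations, below = [], []
    for row in csv.DictReader(io.StringIO(export_csv)):
        entry = (row["Item Name"], row["Detector Triggered"],
                 parse_finding_preview(row["Finding Preview"]))
        (violations if is_violation(row, rule) else below).append(entry)
    return violations, below


# Constructed sample export containing only the columns the functions read.
SAMPLE_EXPORT = """Item Name,Detector Triggered,Number of Very Likely Findings,Number of Likely Findings,Number of Possible Findings,Number of Unlikely Findings,Number of Very Unlikely Findings,Finding Preview
Developer page,API Key,2,0,0,0,0,"{""Pre"":""Okta API Key: "",""Finding"":""*-*-ML8D"",""Post"":"". Vivamus""}{""Pre"":""GitHub access token: "",""Finding"":""**e7cb"",""Post"":"". Proin""}"
Meeting notes,Credit Card Number,0,0,1,0,0,"{""Pre"":""card ending "",""Finding"":""****1234"",""Post"":"" on file""}"
Onboarding,US Social Security Number,0,1,0,0,0,"{""Pre"":""SSN "",""Finding"":""***-**-6789"",""Post"":"" (HR)""}"
"""

if __name__ == "__main__":
    hits, noise = triage(SAMPLE_EXPORT)
    for name, detector, previews in hits:
        print(f"VIOLATION {name!r} / {detector}: {[p['Finding'] for p in previews]}")
    for name, detector, _ in noise:
        print(f"below threshold {name!r} / {detector}")
```

Run against the sample, the ‘Developer page’ (two Very Likely API key findings) and ‘Onboarding’ (one Likely SSN) rows meet the starter rule, while ‘Meeting notes’ only has a Possible credit card finding and falls below the Likely threshold; the masked `Finding` values are what you would eyeball when deciding whether a hit is a false positive, as described under Set Results Preferences.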

If after remediating violations you would like to confirm they have been resolved, you can restart the scan from this view, using the option on the far right of the ‘Scans’ page. Alternatively, if you would like to modify your policy or detection rule and then re-scan, you can repeat the steps above.

You should now be set up with your Nightfall for Confluence installation! For any questions or comments about these instructions, please reach out to [email protected].