Real Time Scanning
See how Confluence real-time scanning works with the new and improved Nightfall for Confluence integration
Nightfall's integration with Confluence allows you to scan for all changes in Confluence in real-time and receive alerts on any violations. This feature allows for security teams to enforce data protection policies on an ongoing basis and remediate violations as soon as they happen. An example Nightfall console with Confluence Real-time Scanning can be seen below. An important thing to note, Confluence Historical scanning will still be included, and will be available as an option from the console. In the display below, you will see the option on the top right for 'Historical scans'.
Sample view of a Nightfall console with Confluence real-time scanning enabled
Similar to our other integrations, you will create a Confluence Scanning Policy, specific to your Confluence environment.
Confluence Policies will have the same inputs as the current product. You will be able to filter by Confluence Spaces or Pages, as well as excluding certain pages accordingly.
Scope determination of your Confluence policy
Apply policies flexibly, based on your Confluence Spaces and Pages.
This will allow you to scan different areas of Confluence for different types of content. What constitutes a “violation” may differ from one area of Confluence to another. For example, you may be okay with sharing PII in a private HR Space, but not in Spaces that are shared across the company.
Without policy flexibility, organizations are forced to take more of an “all or nothing” approach - even if there is only one place where PII is not okay, you’ll get alerts when it appears anywhere. This leads to noise / alerts for data occurrences they you do not really care about. With policy flexibility, alerts are targeted to the violations that truly matter.
You can combine multiple detection rules into one policy, and apply that policy within Confluence. This will allow for a more intuitive way to set up Nightfall, especially valuable for users with multiple integrations.
You can set up general detection rules based on compliance or risk mitigation needs. For example, a PHI detection rule that they might decide to apply to Confluence and to GDrive, but not to GitHub. This also allows you to chain groups of detectors together with AND/OR logic, which is helpful when scanning for PHI.
Users can configure alerts via Slack, webhook and/or email.
You can receive alerts in the tools you’re already using. If you manages your security workflow in a tool other than Slack, you can send alerts there through an email or webhook integration. Webhook alerts also enable users to funnel Nightfall alerts to a SIEM, which enables logging for compliance purposes.