Remediation Guide
Learn how to use Nightfall's Confluence remediation options as part of your DLP strategy.
Nightfall allows you to set up remediation actions from your Confluence policies.
Similar to our other integrations, remediation can be taken directly from the alerts themselves manually, as well as from the policy in an automated fashion as well. Please continue below to see the process of setting this up, as well as the remediation options available to you.
Now that Confluence real-time remediation has been released, you can take manual and automated actions directly from the console or from your policy.
Similar to our other integrations, remediation can be taken directly from the alerts themselves manually, as well as from the policy in an automated fashion as well. Please continue below to see the process of setting this up, as well as the remediation options available to you.
Manual remediation actions can be taken directly from the Violations UI for Confluence.
Upon receiving a violation alert, admin users can adjust permission (link and user) settings for the affected page/space, or notify the file owner. You will be able to remediate even if you do not have access to the page/space.
The main point of an alert is to highlight a potential problem so it can be fixed. With manual remediation options, there is a direct / simple way to resolve the risk directly from the Nightfall alert. This will save time and effort, and will reduce the risk of error (e.g. losing track of needed remediation).
Note: Confluence is the first integration to allow you to take manual action through the new Nightfall Violations Dashboard, as opposed to through Slack messages or email. This will make it possible for your InfoSec teams to assess the violation even if they do not have direct access to the file in Confluence, so they can decide whether to take remediation actions.
From the console, you have the options to take the following remediation actions:
- 1.Notify Confluence Page/Space owner
- 2.Redact Sensitive Findings
- 3.Delete Attachment (if finding seen in an attachment)
This will help automate the process of restricting an affected file’s sharing settings, or notifying the file owner. This eliminates steps for the InfoSec team - saves time and effort.
The follow up alerts will also let other InfoSec team members know that the violation has already been handled, to avoid duplicating efforts.
This can be set directly from the Nightfall console, as seen below:
Automated Actions available for Confluence
For historical scan results in Confluence, we recommend that you first group results by file and detector. Prioritize the Spaces/Pages with the most violations, open the Page, and delete the sensitive finding.
Delete all items that contain sensitive findings, including screenshots as well. This may be handled by your team, or by the end user, depending on your organization’s needs and access settings.
Note: Since we scan archived pages, but not previous versions of pages, we would recommend that when sensitive info is found, to remediate the info and then either delete each version in the history or to make a copy of the page and delete the original, which will remove the version history.
Questions to ask:
- 1.Is the sensitive data accurately identified?
- 2.Is it okay for the sensitive data to live on that page?
- 3.Is the data sample data?
- 4.Is the page archived?
- 5.Are there previous versions of the page that still contain the sensitive data?
If the data should not live in Confluence, ping the page author and ask them to remove or redact the data
In the findings file, we recommend marking each row as “No action needed” or “Resolved" to indicate that you have reviewed or addressed any violations.
For any further questions related to remediation or for Best Practices, please reach out to [email protected]
For historical scan results in Confluence, we recommend that you first group results by file and detector. Prioritize the Spaces/Pages with the most violations, open the Page, and delete the sensitive finding.
Delete all items that contain sensitive findings, including screenshots as well. This may be handled by your team, or by the end user, depending on your organization’s needs and access settings.
Note: Since we scan archived pages, but not previous versions of pages, we would recommend that when sensitive info is found, to remediate the info and then either delete each version in the history or to make a copy of the page and delete the original, which will remove the version history.
Questions to ask:
- 1.Is the sensitive data accurately identified?
- 2.Is it okay for the sensitive data to live on that page?
- 3.Is the data sample data?
- 4.Is the page archived?
- 5.Are there previous versions of the page that still contain the sensitive data?
If the data should not live in Confluence, ping the page author and ask them to remove or redact the data
In the findings file, we recommend marking each row as “No action needed” or “Resolved" to indicate that you have reviewed or addressed any violations.
For any further questions related to remediation or for Best Practices, please reach out to [email protected]
Last modified 3mo ago