FAQs - Nightfall

Frequently Asked Questions: 
What happens if both delete and redact automated actions are configured in a policy? 
If you configure both redact and delete actions on a set of objects and fields, delete will always take precedence over redact. All potential sensitive tokens are automatically deleted from the configured objects and fields.
How do I configure a policy to auto-delete all credit card data but auto-redact SSN on a single object and field? 
You can create two policies on the object, field such that one policy with detection rule for the SSN detector with redaction as the automated action, and the other policy with detection rule for the credit card detector with deletion as the automated action.
Why can't Nightfall remediate sensitive information in the Email Message object? 
Email message is an immutable object in Salesforce and therefore Nightfall cannot modify the object record. You can delete the email by navigating to the email from the notification natively within Salesforce.
I received a notification for some sensitive information but the information was removed by the Salesforce user on their own. What would happen if I remediate the violation now? 
If the object record does not contain any sensitive information at the time of remediation, Nightfall will not remediate any data. Nightfall will always re-scan the violated object and fields before performing any modification via a manual remediation action.
What would happen if I perform manual remediation on an object record which was deleted from Salesforce? 
Nightfall will detect that the record does not exist anymore and will skip any further remediation and will send you a notification mentioning the same.
How would I know if the automated or manual remediation action was successful? 
You will receive a notification for every manual or automated remediation action you perform on the Nightfall alerts.
A new version of the attachment was uploaded, can I remediate the previous version which had sensitive information? 
Unfortunately, Salesforce does not provide an option to delete specific versions of a file. You can only delete the entire attachment. Since the version was updated, Nightfall will not delete the attachment and you will receive a notification with this information. You can manually delete the attachment natively in Salesforce.
If I have Einstein Activity Capture configured which synchronizes my mail and I see them natively in Salesforce. Can I detect sensitive information in them too? 
Unfortunately, no Nightfall at this point in time does not have the capability to detect sensitive information in any entity synced by Einstein Activity Capture.
What does the Nightfall DLP webhook notification for Salesforce look like?
Please see some example webhook responses below:
1.Violations
2.Manual Remediation
3.Automated Remediation
Violation
Manual Remediation
Automated Remediation
{
"detectionRulesLink": "https://app.nightfall.ai/?intendedRoute=detection-engine/detection-rules",
"detectionRulesViolated": "SSN DR",
"eventType": "violation",
"message": "Policy violation detected in Salesforce",
"policiesLink": "https://app.nightfall.ai/?intendedRoute=salesforce/?policyUUID%5B%5D=cfa52d83-76d4-4840-a260-15e535c740a6",
"policiesViolated": "Account",
"service": "Salesforce",
"timestamp": "2022-06-22T06:34:30Z",
"violationID": "CRY7XI",
"violationMetadata": {
	"acknowledgeLink": "https://app.nightfall.ai/?intendedRoute=salesforce/remediation/082c0eb5-df1c-46cb-b8c2-f649747c9020/CRY7XI/acknowledge",
	"deleteRecordLink": "https://app.nightfall.ai/?intendedRoute=salesforce/remediation/082c0eb5-df1c-46cb-b8c2-f649747c9020/CRY7XI/delete",
	"event": "Record Updation",
	"fields": "description",
	"findingSnippets": [
		"SSN: 55*********."
	],
	"findings": "US social security number (SSN) (1 Very Likely)",
	"objectName": "Case",
	"orgName": "NightfallProdDemo",
	"orgType": "Sandbox",
	"recordID": "5008K000000yP86QAE",
	"recordLink": "https://prodnfdlpdemo--fullsandbo.sandbox.my.salesforce.com/5008K000000yP86QAE",
	"redactFindingsLink": "https://app.nightfall.ai/?intendedRoute=salesforce/remediation/082c0eb5-df1c-46cb-b8c2-f649747c9020/CRY7XI/redact",
	"who": "Mohit Mangnani",
	"whoLink": "https://prodnfdlpdemo--fullsandbo.sandbox.my.salesforce.com/0058a00000KgiirAAB"
},
"violationTime": "22 Jun 2022 at 6:34AM UTC"
}
{
	"eventType": "remediation",
	"message": "[email protected] deleted finding(s).",
	"remediationMetadata": {
		"ActionUser": "[email protected]",
		"actionType": "delete",
		"fields": "description",
		"objectName": "Case",
		"remediationType": "manual",
		"success": true,
		"unchangedFields": ""
	},
	"remediationTime": "22 Jun 2022 at 6:38AM UTC",
	"service": "Salesforce",
	"timestamp": "2022-06-22T06:38:07Z",
	"violationID": "CRY7XI"
}
{
   "eventType": "remediation",
   "message": "Automatically remediated finding(s) via an automated action configured on your Nightfall dashboard.",
   "remediationMetadata": {
      "ActionUser": "",
      "actionType": "",
      "fields": "description",
      "objectName": "Case",
      "remediationType": "automated",
      "success": true,
      "unchangedFields": ""
   },
   "remediationTime": "22 Jun 2022 at 6:40AM UTC",
   "service": "Salesforce",
   "timestamp": "2022-06-22T06:40:04Z",
   "violationID": "JVXIZS"
}
​
​

Managing Violations & Remediation Guide

Next - Account Management

User Administration

Last modified 1mo ago

Copy link

Outline