Links

FAQs

Frequently Asked Questions for Nightfall DLP for Salesforce

I selected Delete and Redact in my Policy. Is that a problem?

If you opted for both Redact and Delete actions in a policy for a set of objects and fields, Delete takes precedence over redact.
All potential sensitive tokens are automatically deleted from the configured objects and fields.

On a single object, I want to configure a policy to automatically delete all credit card data, but auto-redact SSN.

You can create two policies on the object;
  • one policy with a detection rule for the SSN detector, with redaction as the automated action.
  • Another policy with a detection rule for credit card detector with delete as the automation action.

Nightfall doesn’t remediate sensitive information from Email Message object. How do I solve this?

Email message is an immutable object in Salesforce. Therefore, Nightfall cannot modify the object record. You can delete the email from within Salesforce, once you receive a notification.
I received a violation notification. However, the information was removed by the user in Salesforce. How will auto remediation respond?
If the object does not contain sensitive information at the time of remediation, Nightfall will not remediate any data. Nightfall will re-scan the violated object and fields before performing any remediation.

I performed manual remediation on an object record after the object was deleted from Salesforce. How do I know if it was successful?

Nightfall detects that the object record does not existing anymore, and will stop remediation. A notification is sent to you.

How do I know if remediation action was successful?

Nightfall sends notifications for remediation action it performs.

A new version of the attachment was uploaded, can I remediate the previous version which had sensitive information?

No. Salesforce does not provide the option to delete specific versions of a file. You can only delete the entire attachment.
If the version was updated, and the object clears the scan, Nightfall will not delete the attachment and issues a notification with this information.
You can manually delete the attachment in Salesforce.

If I have Einstein Activity Capture configured which synchronizes my mail and I see them in Salesforce. Can Nightfall detect sensitive information in these objects too?

No. Nightfall does not have the capability to detect sensitive information in any entity synced by Einstein Activity Capture.

What does the Nightfall DLP webhook notification for Salesforce look like?

Please see some example webhook responses below:
  • Violations
  • Manual Remediation
  • Automated Remediation

Violation

{
"detectionRulesLink": "https://app.nightfall.ai/?intendedRoute=detection-engine/detection-rules",
"detectionRulesViolated": "SSN DR",
"eventType": "violation",
"message": "Policy violation detected in Salesforce",
"policiesLink": "https://app.nightfall.ai/?intendedRoute=salesforce/?policyUUID%5B%5D=cfa52d83-76d4-4840-a260-15e535c740a6",
"policiesViolated": "Account",
"service": "Salesforce",
"timestamp": "2022-06-22T06:34:30Z",
"violationID": "CRY7XI",
"violationMetadata": {
"acknowledgeLink": "https://app.nightfall.ai/?intendedRoute=salesforce/remediation/082c0eb5-df1c-46cb-b8c2-f649747c9020/CRY7XI/acknowledge",
"deleteRecordLink": "https://app.nightfall.ai/?intendedRoute=salesforce/remediation/082c0eb5-df1c-46cb-b8c2-f649747c9020/CRY7XI/delete",
"event": "Record Updation",
"fields": "description",
"findingSnippets": [
"SSN: 55*********."
],
"findings": "US social security number (SSN) (1 Very Likely)",
"objectName": "Case",
"orgName": "NightfallProdDemo",
"orgType": "Sandbox",
"recordID": "5008K000000yP86QAE",
"recordLink": "https://prodnfdlpdemo--fullsandbo.sandbox.my.salesforce.com/5008K000000yP86QAE",
"redactFindingsLink": "https://app.nightfall.ai/?intendedRoute=salesforce/remediation/082c0eb5-df1c-46cb-b8c2-f649747c9020/CRY7XI/redact",
"who": "Mohit Mangnani",
"whoLink": "https://prodnfdlpdemo--fullsandbo.sandbox.my.salesforce.com/0058a00000KgiirAAB"
},
"violationTime": "22 Jun 2022 at 6:34AM UTC"
}

Manual Remediation

{
"eventType": "remediation",
"message": "[email protected] deleted finding(s).",
"remediationMetadata": {
"ActionUser": "[email protected]",
"actionType": "delete",
"fields": "description",
"objectName": "Case",
"remediationType": "manual",
"success": true,
"unchangedFields": ""
},
"remediationTime": "22 Jun 2022 at 6:38AM UTC",
"service": "Salesforce",
"timestamp": "2022-06-22T06:38:07Z",
"violationID": "CRY7XI"
}

Automated Remediation

{
"eventType": "remediation",
"message": "[email protected] deleted finding(s).",
"remediationMetadata": {
"ActionUser": "[email protected]",
"actionType": "delete",
"fields": "description",
"objectName": "Case",
"remediationType": "manual",
"success": true,
"unchangedFields": ""
},
"remediationTime": "22 Jun 2022 at 6:38AM UTC",
"service": "Salesforce",
"timestamp": "2022-06-22T06:38:07Z",
"violationID": "CRY7XI"
}