FAQs

Frequently Asked Questions for Nightfall DLP for Salesforce

I selected Delete and Redact in my Policy. Is that a problem?

If you opted for both Redact and Delete actions in a policy for a set of objects and fields, Delete takes precedence over redact.

All potential sensitive tokens are automatically deleted from the configured objects and fields.

On a single object, I want to configure a policy to automatically delete all credit card data, but auto-redact SSN.

You can create two policies on the object;

  • one policy with a detection rule for the SSN detector, with redaction as the automated action.

  • Another policy with a detection rule for credit card detector with delete as the automation action.

Why does Nightfall only scan emails that are sent, replied, forwarded but not the draft emails?

Salesforce may save emails in draft stage multiple times either because of the user action or automatically. Every save triggers a Salesforce event which causes Nightfall to scane the contents of the email draft if there is a policy to scan emails objects. This can lead to a situation where multiple violations are reported for the same sensitive data if the email is saved multiple times in the draft stage.

So, Nightfall has disabled scanning of emails as long as they are in draft stage. However, emails will continue to be be scanned when other operations happen, for examples emails are sent, replied and forwarded. The user can reach out to Nightfall if they wish Nightfall to scan the drafts too, but it should be noted that as described above, this can lead to the same findings getting flagged across violations whenever the draft is saved.

Nightfall doesn’t remediate sensitive information from Email Message object. How do I solve this?

Email message is an immutable object in Salesforce. Therefore, Nightfall cannot modify the object record. You can delete the email from within Salesforce, once you receive a notification.

I received a violation notification. However, the information was removed by the user in Salesforce. How will auto remediation respond?

If the object does not contain sensitive information at the time of remediation, Nightfall will not remediate any data. Nightfall will re-scan the violated object and fields before performing any remediation.

I performed manual remediation on an object record after the object was deleted from Salesforce. How do I know if it was successful?

Nightfall detects that the object record does not existing anymore, and will stop remediation. A notification is sent to you.

How do I know if remediation action was successful?

Nightfall sends notifications for remediation action it performs.

A new version of the attachment was uploaded, can I remediate the previous version which had sensitive information?

No. Salesforce does not provide the option to delete specific versions of a file. You can only delete the entire attachment.

If the version was updated, and the object clears the scan, Nightfall will not delete the attachment and issues a notification with this information.

You can manually delete the attachment in Salesforce.

If I have Einstein Activity Capture configured which synchronizes my mail and I see them in Salesforce. Can Nightfall detect sensitive information in these objects too?

No. Nightfall does not have the capability to detect sensitive information in any entity synced by Einstein Activity Capture.

What does the Nightfall DLP webhook notification for Salesforce look like?

Please see some example webhook responses below:

  • Violations

  • Manual Remediation

  • Automated Remediation

Violation

{
"detectionRulesLink": "https://app.nightfall.ai/?intendedRoute=detection-engine/detection-rules",
"detectionRulesViolated": "SSN DR",
"eventType": "violation",
"message": "Policy violation detected in Salesforce",
"policiesLink": "https://app.nightfall.ai/?intendedRoute=salesforce/?policyUUID%5B%5D=cfa52d83-76d4-4840-a260-15e535c740a6",
"policiesViolated": "Account",
"service": "Salesforce",
"timestamp": "2022-06-22T06:34:30Z",
"violationID": "CRY7XI",
"violationMetadata": {
	"acknowledgeLink": "https://app.nightfall.ai/?intendedRoute=salesforce/remediation/082c0eb5-df1c-46cb-b8c2-f649747c9020/CRY7XI/acknowledge",
	"deleteRecordLink": "https://app.nightfall.ai/?intendedRoute=salesforce/remediation/082c0eb5-df1c-46cb-b8c2-f649747c9020/CRY7XI/delete",
	"event": "Record Updation",
	"fields": "description",
	"findingSnippets": [
		"SSN: 55*********."
	],
	"findings": "US social security number (SSN) (1 Very Likely)",
	"objectName": "Case",
	"orgName": "NightfallProdDemo",
	"orgType": "Sandbox",
	"recordID": "5008K000000yP86QAE",
	"recordLink": "https://prodnfdlpdemo--fullsandbo.sandbox.my.salesforce.com/5008K000000yP86QAE",
	"redactFindingsLink": "https://app.nightfall.ai/?intendedRoute=salesforce/remediation/082c0eb5-df1c-46cb-b8c2-f649747c9020/CRY7XI/redact",
	"who": "Mohit Mangnani",
	"whoLink": "https://prodnfdlpdemo--fullsandbo.sandbox.my.salesforce.com/0058a00000KgiirAAB"
},
"violationTime": "22 Jun 2022 at 6:34AM UTC"
}

Manual Remediation

{
	"eventType": "remediation",
	"message": "mohit+prod@nightfall.ai deleted finding(s).",
	"remediationMetadata": {
		"ActionUser": "mohit+prod@nightfall.ai",
		"actionType": "delete",
		"fields": "description",
		"objectName": "Case",
		"remediationType": "manual",
		"success": true,
		"unchangedFields": ""
	},
	"remediationTime": "22 Jun 2022 at 6:38AM UTC",
	"service": "Salesforce",
	"timestamp": "2022-06-22T06:38:07Z",
	"violationID": "CRY7XI"
}

Automated Remediation

{
	"eventType": "remediation",
	"message": "mohit+prod@nightfall.ai deleted finding(s).",
	"remediationMetadata": {
		"ActionUser": "mohit+prod@nightfall.ai",
		"actionType": "delete",
		"fields": "description",
		"objectName": "Case",
		"remediationType": "manual",
		"success": true,
		"unchangedFields": ""
	},
	"remediationTime": "22 Jun 2022 at 6:38AM UTC",
	"service": "Salesforce",
	"timestamp": "2022-06-22T06:38:07Z",
	"violationID": "CRY7XI"
}

PreviousDeleteNextGetting Started

Last updated