For our purposes with Salesforce, we can either create new detectors, detection rules or utilize existing ones within your Nightfall tenant.
Navigate to Policies within the Salesforce tab to create a new policy for Salesforce DLP:
Here, we will create our first scanning Policy
Select Add new policy.
First, you will specify a policy name. Once complete, you can then select from a pre-defined list of objects and fields within the organization that you want to scan for sensitive data, within your policy.
Set the Scope, Detection Rule, and Automated Actions for your Scanning Policy
Once you select your policy settings of choice, please select 'Save' at the bottom. We will now look at setting up your alerting options for Salesforce.
Setting up Alerts for Salesforce DLP
Navigate to the Settings tab for Salesforce DLP.
You can choose to receive alerts in Slack, Email or Webhooks. You can setup either one of these alerting platforms to triage and remediate your Salesforce alerts.
By default, once Slack alerts are setup, all Salesforce DLP alerts are sent to the “nightfall-salesforce-alerts” channels in Slack. Please see screenshots below:
Select your alerting option of choice
Once you have your alerting options set, you can now start scanning your Salesforce instance in real time. For a reference guide on options for how to remediate violations, please see the link below: