Links

Managing Violations and Remediation

You can manage violations on your data and the require remediation actions
Nightfall supports both manual and automated remediation on policy violations. However, you cannot view policy violations on the Nightfall dashboard or violations monitoring page.
NOTE: The Redact and delete action is not supported on "picklist" field types.

Remediating Policy Violations

  • Acknowledge: Low priority - acknowledge and ignore the violation.
  • Redact: Sensitive Information is replaced with this message “[This content was redacted as it contained potential sensitive information.]”
  • Delete Findings: If attachments, they are deleted. Sensitive information is replaced with this messages “[This content was deleted as it contained potential sensitive information.]”
For example, on the sample alert below, you can perform the remediation tasks mentioned under Take Action:
You can view policy violation alerts on the channel that you configured - Slack or Email. Within the channel, you can perform remediation action on the alert sent by Nightfall.

Options:

Acknowledge
Acknowledge and ignore the violation as it is not a high priority.
Redact
Sensitive token is replaced with this message in Salesforce:
“[This content was redacted as it contained potential sensitive information.]”
Delete
In case of attachments, Nightfall deletes the entire file. In case of sensitive tokens within text of a relevant field, the text is replaced with this message in Salesforce.
“[This content was deleted as it contained potential sensitive information.]”

Automating Remediation

You can automate remediation actions from Nightfall console.
Under Automated Actions, check the options you want.
  • Delete
  • Redact
You are set up for nightfall to work with your Salesforce instance.

Manual Remediation Notification

The following payload is sent to the designated webhook when a manual remediation is performed for a violation, which indicates which fields have been modified on a given object.
{
"eventType": "remediation",
"message": "[email protected] deleted finding(s).",
"remediationMetadata": {
"ActionUser": "[email protected]",
"actionType": "delete",
"fields": "description",
"objectName": "Case",
"remediationType": "manual",
"success": true,
"unchangedFields": ""
},
"remediationTime": "22 Jun 2022 at 6:38AM UTC",
"service": "Salesforce",
"timestamp": "2022-06-22T06:38:07Z",
"violationID": "CRY7XI"
}

Automated Remediation Notification

The following payload will be sent to the designated webhook when Nightfall automatically remediates a violation, which indicates which fields have been modified on a given object.
{
"eventType": "remediation",
"message": "Automatically remediated finding(s) via an automated action configured on your Nightfall dashboard.",
"remediationMetadata": {
"ActionUser": "",
"actionType": "",
"fields": "description",
"objectName": "Case",
"remediationType": "automated",
"success": true,
"unchangedFields": ""
},
"remediationTime": "22 Jun 2022 at 6:40AM UTC",
"service": "Salesforce",
"timestamp": "2022-06-22T06:40:04Z",
"violationID": "JVXIZS"
}
You should now be all set to start using the Salesforce integration, as well as to manage your alerts as they start to come in.
For any support questions, please feel free to continue to explore the Help Center, specifically the Salesforce FAQs section below, or to reach out to [email protected]: