Installation Instructions

Use this guide to get started with the installation of the new Nightfall for Slack integration.

For users of the new Nightfall for Slack product, please continue with the installation steps below:

Overview

With the new features that Nightfall for Slack has to offer, it's important to know where to start. Please follow the steps below in our installation instructions to get set up:

  1. Install the Nightfall Slack bot

Please log in to the Nightfall console at app.nightfall.ai. Once logged in, navigate to the Slack option on the left-hand side of the console.

Installation

Nightfall Pro DLP for Slack

Please select the ‘Add to Slack’ option to authorize Discovery API access to the Slack environment and to add the Nightfall app to Slack.

After clicking 'Add to Slack', you will be directed to the 'Allow' page. Be sure to select the correct workspace associated with your Nightfall account.

After you click 'Allow', you will be directed to setup instructions. Please complete these steps to start receiving alerts.

Note: Upon installation, the bot must be added to each channel that you would like to monitor.

To invite the bot to a channel, you can use the command depicted below:

/invite @Nightfall Pro #[channel]

If you would like to have Nightfall add the bot to all your public channels, please reach out to [email protected], and we can help with the request.

Nightfall Enterprise DLP for Slack

The below screenshot depicts a user that is on the Slack Enterprise tier.

Please select the ‘Authorize’ option to authorize Discovery API access to the Slack environment. This requires you to be a Workspace Owner in Slack.

After clicking 'Authorize', you will be directed to the 'Allow' page. Be sure to select the correct workspace associated with your Nightfall account before clicking 'Allow'. Once complete, Nightfall will be able to access the Discovery API.

If this authorization fails, it most likely means that the Discovery API is not yet enabled in your Slack organization. Please contact your Slack sales rep or email [email protected] to enable this.

After granting access to the Discovery API, you will be directed back to the dashboard to install the Nightfall Enterprise bot. Please click 'Install' to grant our bot access to your Slack workspace.

Now, please select the ‘Install’ option.

After clicking 'Install', you will be directed to another 'Allow' page. Again, please be sure to select the correct workspace associated with your Nightfall account before clicking 'Allow'.

The workspace you select here will be the one in which Nightfall creates the new private channels it uses to send you DLP alerts and triage the quarantine. Once complete, Nightfall will be installed in your Slack workspace.

Create your first Slack Policy

The instructions below are a bit different for the Slack Pro and Slack Enterprise options. Please refer to the Slack tier that you will be using.

Nightfall Pro DLP for Slack

Please navigate to the Slack option on the left-hand side of the console.

This is the screen from which we will be setting up and operating the Nightfall for Slack integration. To create your first policy, please select the ‘+ New policy’ option:

Once you name the policy, the first option for configuration will be the Scope. This scope refers to the channel types that you would like to monitor for this policy, both internal and external.

Monitoring can be done on Public or Private channels for both Internal AND Connect Slack channels.

Note: As is depicted in the screenshot below, the Nightfall Pro bot MUST be added to all channels that you would like to scan. If you would like to have Nightfall add the bot to all your public channels, please reach out to [email protected], and we can help with the request.

Once you select the scope, the next step is the detection rule.

You will now see the option to add your detection rules of choice to this Slack Policy. If you do not have any detection rules set up, please go here for more info on how to set up Detection Rules.

Note: As mentioned above, you can add multiple detection rules to a Slack Policy.

Once you have added your detection rule of choice, select the Automated Actions that you would like to take when a policy violation is detected.

For Slack Pro, the options are to Notify the user, or to Delete the message that caused the violation.

The next step is alerting. By default, the Slack channel that will receive alerts from Nightfall is #nightfall-slack-alerts.

As shown below, the setup for your first Slack Policy is now complete and you can save the policy.
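The two notes above say the Nightfall Pro bot must be a member of every channel a policy is meant to scan. The following is an added example, not Nightfall's own code, that lists in-scope channels the bot has not joined and builds the matching `/invite` commands. It assumes you have already exported channel objects (Slack `conversations.list`) and member lists (`conversations.members`); the sample data, the bot user ID `UBOT` and the scope labels are constructed for illustration.

```python
# Constructed sample data shaped like Slack Web API objects (not real workspace data).
# CHANNELS mirrors fields from conversations.list; MEMBERS mirrors conversations.members.
CHANNELS = [
    {"id": "C001", "name": "general", "is_private": False, "is_ext_shared": False, "is_archived": False},
    {"id": "C002", "name": "finance", "is_private": True, "is_ext_shared": False, "is_archived": False},
    {"id": "C003", "name": "partner-acme", "is_private": False, "is_ext_shared": True, "is_archived": False},
    {"id": "C004", "name": "old-project", "is_private": False, "is_ext_shared": False, "is_archived": True},
    {"id": "C005", "name": "support", "is_private": False, "is_ext_shared": False, "is_archived": False},
]
MEMBERS = {
    "C001": ["U100", "UBOT"],
    "C002": ["U100", "U200"],
    "C003": ["U300"],
    "C004": ["U100"],
    "C005": ["U200"],
}
BOT_USER_ID = "UBOT"  # hypothetical user ID of the Nightfall Pro bot in this workspace


def scope_of(channel):
    """Map a channel to the policy scope it falls under (labels are this example's own)."""
    kind = "connect" if channel["is_ext_shared"] else "internal"
    visibility = "private" if channel["is_private"] else "public"
    return f"{kind}/{visibility}"


def coverage_gaps(channels, members, bot_user_id, policy_scopes):
    """Return (name, scope) for active in-scope channels the bot is not a member of."""
    gaps = []
    for ch in channels:
        if ch.get("is_archived"):
            continue  # archived channels receive no new messages
        scope = scope_of(ch)
        if scope not in policy_scopes:
            continue  # channel type is not selected in the policy's Scope
        if bot_user_id not in members.get(ch["id"], []):
            gaps.append((ch["name"], scope))
    return sorted(gaps)


def invite_commands(gaps):
    """Build the invite command from the guide for each unmonitored channel."""
    return [f"/invite @Nightfall Pro #{name}" for name, _ in gaps]


if __name__ == "__main__":
    scopes = {"internal/public", "internal/private", "connect/public"}
    for cmd in invite_commands(coverage_gaps(CHANNELS, MEMBERS, BOT_USER_ID, scopes)):
        print(cmd)
```
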

Nightfall Enterprise DLP for Slack

Please navigate to the Slack option on the left-hand side of the console.

This is the screen from which we will be setting up and operating the Nightfall for Slack integration. To create your first policy, please select the ‘+ New policy’ option:

Once you name the policy, the first option for configuration will be the Scope. This scope refers to the channel types that you would like to monitor for this policy, both internal and external.

Monitoring can be done on Public/Private channels, as well as Direct Messages, for both Internal AND Connect Slack channels.

Note: As is depicted in the screenshot below, you also have the option to Exclude specific channels from monitoring.

You will now see the option to add your detection rules of choice to this Slack Policy. If you do not have any detection rules set up, please go here for more info on how to set up Detection Rules.

Once you have added your detection rules of choice, select the Automated Actions that you would like to take when a policy violation is detected.

For Slack Enterprise, the options are to Notify the user, Quarantine the message, or to Delete the message that caused the violation.

If you select the Quarantine option, the content of the message will be sent to the ‘#nightfall-content-slack’ channel, and the original message will be replaced with a tombstone message, indicating that the original message is no longer available.

The channel that will receive the alert messages for policy violations is #nightfall-alerts-slack. Similarly, for messages that are quarantined, an alert will also be sent to the #nightfall-quarantine-slack channel.

These channels can be seen in the screenshot below:

As shown below, the setup has been completed and you can now save the policy.