Remediation Guide
Sensitive data like personal information or credentials can pose a large risk when found in Slack messages. Read our guide to remediating these DLP risks in Slack.
Nightfall’s Slack integration offers the ability to set up automated remediation workflows. In general, we recommend that before setting up automated remediation workflows, you first test detection while leveraging manual workflows. Once you’ve optimized detection and identified key patterns in the types of violations and required remediation action, you can automate the process.
Slack alerts on violations in real time, and remediation actions are taken from within the Slack interface.
Manual Slack remediation options appear within the violation alert, and include:
  • Delete the violation (Pro and Enterprise)
  • Notify the end user
  • Quarantine the violation (places the violation in the “Content” channel and the “Quarantine” channel) (works on Nightfall for Slack Enterprise plan only)
  • Redact message (will replace the message with a set of ** characters, aside from the first few characters) (works on Nightfall for Slack Enterprise plan only - only for messages, not for images/files)
Note: If you are an existing customer interested in using redaction as a remediation action, please reach out to your Customer Success Manager. Setup for redaction will require a reinstallation of the Nightfall for Slack Enterprise application.
There are also Automated actions available for the Slack Pro and Slack Enterprise integrations, which are illustrated below:

For Slack Pro, the options for Automated Actions are to Notify the user, or to Delete the message that caused the violation.
Automated Slack Pro remediation options can be found in the policy, and include:
  • Delete the violation
  • Notify the end user

Remediation options for Slack Enterprise can also be seen in the Policy view, and will include:
  • Delete the violation (Pro and Enterprise)
  • Notify the end user
  • Quarantine the violation (places the violation in the “Content” channel and the “Quarantine” channel) (works on Nightfall for Slack Enterprise plan only)
  • Redact message (will replace the message with a set of ** characters, aside from the first few characters)
If you select the Quarantine option, the content of the message will be sent to the ‘#nightfall-content-slack’ channel, and the original message will be replaced with a tombstone message, indicating that the original message is no longer available.
Alert messages for policy violations are sent to the #nightfall-alerts-slack channel. Similarly, for messages that are quarantined, an alert is also sent to the #nightfall-quarantine-slack channel.