Nightfall
HomeLoginDeveloper PlatformContact Us
Search…
Introduction
Why Cloud DLP?
Product Updates
Operationalizing DLP
Informing & Coaching Business Users
Running Historical Scans
Alert Management Guiding Principles
Integrating with Security Tools
Detection Engine
Getting Started
How Detection Works
Detectors
Detection Engine FAQs
Evaluating Detection
Nightfall for Slack
Nightfall for Slack: Demo Video
Getting Started
Alert Management
Remediation Guide
FAQs
Nightfall for Slack Overview
Nightfall for GitHub
Real-Time Scanning
Historical Scanning
Nightfall for GitHub Overview
Radar API Reference
Exporting Reports & Results
Integrating Webhook Endpoints
Integrating with Jira
Remediation Guide
Managed Services
FAQs
NIGHTFALL FOR GOOGLE DRIVE
Getting Started
Alert Management
Nightfall for Google Drive Overview
Remediation Guide
Historical Scanning
Nightfall for Confluence
Getting Started
Alert Management
Remediation Guide
Nightfall for Jira
Nightfall for Jira Overview
Remediation Guide
Getting Started
Account Management
User Administration
Authentication Options
Compliance
SOC 2 Compliance
HIPAA Compliance
PCI Compliance
Resources
FAQs
Login to Nightfall
Developer Platform
Platform Status
Contact Us
Powered By GitBook
Remediation Guide
Sensitive data like personal information or credentials can pose a large risk when found in Slack messages. Read our guide to remediating these DLP risks in Slack.
Nightfall’s Slack integration offers the ability to set up automated remediation workflows. In general, we recommend that before setting up automated remediation workflows, you first test detection while leveraging manual workflows. Once you’ve optimized detection and identified key patterns in the types of violations and required remediation action, you can automate the process.
Slack alerts on violations in real time, and remediation actions are taken from within the Slack interface.
Manual Slack remediation options will appear as options within the violation alert, and include:
  • Delete the violation (Pro and Enterprise)
  • Notify the end user
  • Quarantine the violation (places the violation in the “Content” channel and the “Quarantine channel) (work on Nightfall for Slack Enterprise plan only)
There are also Automated actions available for the Slack Pro and Slack Enterprise integrations, which are illustrated below:

Automated Actions for Slack Pro

For Slack Pro, the options for Automated Actions are to Notify the user, or to Delete the message that caused the violation.

Automated Actions for Slack Enterprise

For Slack Enterprise, the options are to Notify the user, Quarantine the message, or to Delete the message that caused the violation.
If you select the Quarantine option, the content of the message will be sent to the ‘#nightfall-content-slack’ channel, and the original message will be replaced with a tombstone message, indicating that the original message is no longer available.
The channel that will receive the alert messages for policy violations from is #nightfall-alerts-slack. Similarly, for messages that are quarantined, an alert will also be sent to the #nightfall-quarantine-slack channel for all quarantined message alerts.
Nightfall for Slack - Previous
Alert Management
Next - Nightfall for Slack
FAQs
Last modified 1mo ago
Copy link
Contents
Automated Actions for Slack Pro
Automated Actions for Slack Enterprise