Alert Management Guiding Principles
Follow Nightfall's best practices for Alert Management and Remediation
As a best practice, any alerts that contain real, sensitive data should be remediated as soon as possible. This will minimize your security risk and will help set the tone for your DLP strategy moving forward. It is also encouraged to within the violation for easy reference, efficient collaboration and detector model improvements.
To reduce the number of alerts that need remediation, a best practice is to take no action on sample data or test data. Instead you can such data as false positives for easy reference and model improvements. Remediation should focus only on sensitive data found through the alerts.
If you are already reviewing an alert, acknowledge it to avoid duplicate effort.