A change log of updates to Nightfall.
You can now act on a finding instantly from within the Violation dashboard. This will save you time on eliminating False positive and gaining attention to serious violations.
Send to Jira. Applies to all integrations.
You can now send a violation to Jira as a ticket for easier tracking and resolution.
Integration: Salesforce Service Cloud
Nightfall DLP for Salesforce now supports Salesforce Service Cloud. You can scan all the 8 standard objects and all associated standard, custom fields within the objects in Service Cloud using the same Nightfall package that supports Sales Cloud.
Enhancement: Salesforce Support for platform events
Nightfall DLP for Salesforce now supports platform events that utilize apex triggers to push updates to platform events Nightfall reads the updates from platform events and minimizes any impact of apex trigger limits to the Salesforce org.
Nightfall also creates triggers only for those objects, and fields that are defined in a policy instead of enabling trigger on all objects and fields.
Real-time scanning for Zendesk tickets is now available. Nightfall can:
. scan all tickets in real-time within a Zendesk instance.
. enable easy onboard and setup.
. support multiple instances.
. send slack, Email, and Webhook Alerts
Enhancement: Advanced Secrets Detection
The Advanced Secrets Detection improves the accuracy of the existing API key detector and extends it to identify keys from top SaaS and Cloud vendors and determines if a vendor key is an active risk. Advanced API key detector performs using two models:
. Vendor-specific API key model - detects secrets from the top 25 SaaS and Cloud services. Nightfall labels the secret findings by vendor and service type and determines with the secret if it is an active risk.
. General API key model - an ML-based model encompassing the complete range of secrets types and forms. The model includes regex candidate scanning, a ML-based token model, and an ML-based context model.
Detector: HIPAA PHI
Nightfall HIPAA Detector uses Artificial Intelligence (AI) to accurately identify the exposure of patient data with maximum accuracy and relevance. It uses 15 dimensions of patient data (like person name, Date of Birth, Social Security Number, address, diagnosis, medications, etc.) in concert.
Detector: File Detector- Based Exclusions
You can now bulk ignore noise generated by known file sources, file types or any finding that matches an entry in a file-based dictionary.
You can do this by customizing a detector to ignore findings in a given file type, a given file of a match in a dictionary file. Customers can utilize existing dictionaries, file type detectors or file fingerprint detectors to author an exclusion rule.
Nightfall can perform manual or automated remediation action to redact text-based findings in pages and blog posts within Confluence.
Enhancement: Detection Rules Page
Improved Search, improved detection rule creating and editing experience.
Detector: File-Related Detectors
Nightfall now has new specialized file related detectors.
. File Fingerprint Detector - creates a unique hash of the sensitive files that enables you to receive alerts and discover where they are located or shared.
. File Type - Receive alerts when certain file types (like audio or video) are discovered. You can adhere to compliance policies that prohibit certain file types from being shared on particular applications or storage locations. These file types are detected regardless of file extension.
File Name - You can scan for sensitive data in file names a well as file content by setting the “scope” of detection on your Detectors. Use regular expressions to match either file extensions or file names.
Remediation: Disabling Download in Google Drive
A new remediation option is available for violations detected in Google Drive. From the violations console, administrator can disable download of offending files. Click More Options ellipsis (...) next to a violation finding to access the option.
Enhancement: HTTP Header Support in Webhooks
You can now provide custom HTTP headers to alerts sent to webhooks. These headers may be used to support systems collecting SIEM data that do not allow for query string authentication as well as other purposes such as routing.
Enhancement: Violations monitoring
Enhancements for a simplified, efficient violation monitoring workflow:
. Finding type to be the first column as a stronger risk assessment vector.
. Age of violation is the primary way date and time are factored into risk assessment.
. Violation status is instantly visible/available with color-coded status pills.
. Improved UI reducing the amount of content displayed by removing policies, and integration columns.
Enhancement: Historical Scans
Historical scans in Google Drive and Confluence are now disabled by default for all new Nightfall customers. You can reach out to Nightfall support to request historical scans in Google drive or Confluence. Existing customers shall continue to view historical scans from the console.
Integration: Slack - User and App exclusions
Nightfall administrators can instantly select specific users of apps whose messages must be excluded from scans. This feature is supported on both Slack Pro & Enterprise.
Enhancement: Webhook alerts - Updated schema v2
Updated schema for webhook alerts enables you to:
1. Filter and report per tenant with a company UUID key/value pair in each alert.
2. Consolidate common fields into one, coherent core set that is shared across all integrations for consistent, out-of-the-box reporting and analytics across all integrations.
3. List all findings up to 1000 per alert removing aggregation/summary for detailed downstream reporting an analytics.
4. Remove findings results from JSON key names eliminating custom scripting required to extract and analyze findings.
5. Keep Integration specific information under integration metadata.
Integration: Nightfall for Salesforce
Salesforce data security and compliance is now available to all customers. Scan objects and fields in real-time and take remediation actions from Slack, email alerts or the Nightfall console to eliminate data exposure risks.
Customers can now navigate directly to Dashboard → Generate Reports to access four independent reports:
1. Policy violations report - Aggregation of violations along with distribution by confidence thresholds and status by the policy.
2. Highest risk users report - Aggregation of violations along with distribution by confidence thresholds and status by each user.
3. Total data scanned report - Summary of total data and items scanned per integration.
4. Sensitive data exposure report
Remediation: Nightfall for Confluence
You can now set up remediation actions to be taken from your Confluence policies. Alerts can be used to trigger manual or automated actions.
Integration: Nightfall for Salesforce
You can use Nightfall to scan sandbox and production organizations in Salesforce in real-time.
Enhancement: Nightfall Console - Dashboard and Violations Monitoring
The new Violations UI in the console now displays real-time visualizations that show:
. Violations with the distribution of active and resolved violations
. Distribution of violations cross all integrations with the ability filter to a specific integration
. Distribution of violations across detectors and policies
. Highest risk users with a flexibility to filter by integration likelihood, and detector
Real-time Scanning: Nightfall for Confluence
Scan all Changes in your Confluence environment in real-time and receive immediate alerts on any violations. The update includes user interface enhancements that simplify the configuration.
. Take automatic or manual remediation actions in Jira including:
. Notifying the file owner
. Redacting sensitive findings
. Deleting attachments
For more information, see Nightfall’s Jira Remediation Guide
Remediation: Nightfall for Jira
Enhancement: Nightfall for Slack, GDrive, Jira: Custom Notifications in Alerts
You can send custom notifications for Slack, Google Drive, and Jira alerts.
. Reference your internal security policy.
. Direct end users to helpful security resources from an alert notification.
Redaction: Nightfall for Slack - Message Redaction
Nightfall Slack Enterprise are now able to use redaction as remediation action for messages.
Remediation: Nightfall for GDrive
Nightfall has added actions to violation alerts for GDrive. You can take remedial action with a click.
Integration: Nightfall for Slack
Nightfall’s revamped Slack Integration is now in GA, featuring:
. Enhanced policy flexibility.
. More context in end user alerts Updated UI.
View finding snippets within alerts from Nightfall's native integrations.
. Easily locate findings in long documents or spreadsheets with many tabs.
. Make judgements at a glance about a violation’s severity.
Integration: Nightfall for Jira
Real time scanning for Jira is available.
. Scan for all changes in Jira and receive immediate alert for any violations.
. New policy flexibility allows for multiple alert triggers per Jira Project.