Violations UI
Learn how you can interact with your violations from the Nightfall console directly.
You can now see your violations directly from the Nightfall console, without having to go to your alert endpoint, whether it be Slack, email, or webhook.
Note: This feature is currently still in Beta, and if you would like access, please reach out to your Customer Success Manager, or to [email protected].
When multiple integrations are enabled, it is sometimes difficult to understand what sensitive data can live in each integration:
  • What type of sensitive data do I have across all integrations?
  • How many violations do I have? How many are active and how many are resolved?
  • What is the trend of violations over the last 7 days? 30 days? 90 days? 180 days? Is it trending down or is it going up?
  • Which detectors and policies are generating the most violations? Who are the highest risk users?
Using the new Violations UI in the console, you can now answer these questions via rich, real-time visualizations that show:
  • Total violations along with a distribution of active and resolved violations.
  • Distribution of violations across all integrations.
  • Ability to filter to a specific integration.
  • Distribution of violations across detectors and policies.
  • Highest risk users, with the flexibility to filter by integration, likelihood and detector.
  • Ability to filter all views by integration or by time range up to the last 180 days.
You will see a new option on the top left side of your console view, titled 'Violations'. This will give you the Violations view.
You will notice a few things:
  • Column Names, mapping to the status of violations
    • You can designate the violations that already have been Actioned, Active, or Resolved.
  • Filtering options on the top right, which you can use to narrow down the Date Range, the specific Integration, the Detector, or Likelihood
To see the entire view of any violation, select the Status dropdown on the right, and you will see the following view:
Example Slack violation for Credit Card number and Social Security Number
Here you will see all the same information that you would see in an example Slack alert, which includes the following:
  • Metadata of Alert:
    • Location
    • Type
    • Message Link
    • Members
    • Redacted Finding Snippet
    • Likelihood
  • Actions Taken
    • In Slack, or other alert platforms, usually you would see the action logs as small messages after the alert
    • In the status view here, the Actions taken will populate in the 'Actions taken' section so you will have visibility on the remediation action underway by other users
Remediation steps will be included as part of update rollouts during the beta period. From the UI, you will be able to take remediation action directly from the console, for multiple violations. This will help simplify the remediation workflow and add visibility for other integrations, all in the same place.
The final piece is the ability to dashboard all the relevant metrics and information you will be interested in. This will also be included in the console prior to GA release, and updates will be recorded here.
Note: As mentioned in the beginning, if you would like access to this Violations UI prior to GA release, please reach out to your Customer Success Manager or [email protected]