Deduplication and Automatic Resolution of Events
This document explains the Deduplication and Auto resolve features for Nightfall Events.
Last updated
This document explains the Deduplication and Auto resolve features for Nightfall Events.
Last updated
Deduplication reduces the number of distinct Events created for a finding that is already accounted for by an active Event. Deduplication prevents the creation of redundant Events which are related to an already existing Event.
When sensitive data is deleted from its location, Nightfall automatically changes the status of the related Event to Resolved. However, this process is not implemented in every scenario.
The following tables explains the various scenarios and how Deduplication and Auto resolve work in those scenarios, for each integration.
The user deletes sensitive data from a file.
The user removes credit card number 4242-4242-4242-4242 from the document called Data.
The event is automatically resolved.
The user deletes the document containing sensitive data without removing the sensitive data present in it.
The user deletes the document called Data without erasing the credit card number from it.
The Event is not resolved automatically.
Page
The user adds sensitive data to a Confluence page.
The user adds credit card number 4242-4242-4242-4242 to a Confluence page called Card.
A new event is created.
Page
The user duplicates sensitive data that already exists on a Confluence page.
The user adds credit card number 4242-4242-4242-4242 to the same page called Card.
The existing Event is updated with a new finding.
Page
The user adds new sensitive data to a page that already holds some sensitive data
The user adds credit card number 2424-2424-2424-2424 to the Confluence page Card.
A new event is created.
Comment
The user adds sensitive data in a comment.
The user adds credit card number 1243-1243-1243-1243 to the comment of a Confluence page called Card.
A new event is created.
Comment
The user duplicates sensitive data that already exists in a comment.
The user adds the credit card number 1243-1243-1243-1243 again to the same comment in the Confluence page called Card.
The existing Event is updated with a new finding.
Comment
The user adds new sensitive data to a comment that already has some sensitive data
The user adds credit card number 2143-2143-2143-2143 to the same comment on the Confluence page called Card.
A new event is created.
Comment
The user adds sensitive data that already exists in a comment, to a new comment.
The user adds a new comment to the Confluence page called Card. This new comment contains credit card number 8686-6868-8686-6868
A new event is created.
Attachments
The user adds an attachment with sensitive data.
The user attaches a document called file which contains sensitive data.
A new event is created.
Attachments
The user duplicates and reattaches sensitive data that already exists in an attachment.
The user attaches a document called file again.
The existing Event is updated with a new finding.
Attachments
The user adds a new attachment that contains sensitive data, which has already been reported.
The user attaches a document called file1. file1 has the same content as file.
A new event is created since Nightfall treats each attachment to be unique, irrespective of the data it contains.
The user deletes a Confluence page containing sensitive data
The user deletes the Confluence page called Card. This page contains credit card number 4242-4242-4242-4242.
The related event is resolved automatically.
The user deletes a comment containing sensitive data.
The user deletes the comment from the Confluence page called Card. The comment contained the credit card number 1243-1243-1243-1243.
The related event is resolved automatically.
The user deletes an attachment containing sensitive data.
The user deletes the attachment called file which contains sensitive data.
The related event is not resolved automatically.
The user deletes a Confluence page that contains sensitive data in the page, attachment, and comment.
The user deletes the Confluence page called Card. This page contained credit card number 4242-4242-4242-4242, a comment that contained credit card number 1243-1243-1243-1243, and an attachment called file which contained sensitive data.
The related event is resolved only for the Confluence page. Events for comment and attachment must be resolved manually.
Ticket
The user adds sensitive data to a Jira ticket.
The user adds API key abcd1234 to the ticket JIRA-1.
A new event is created.
Ticket
The user duplicates sensitive data that already exists in a Jira ticket.
The user adds the API key abcd1234 to the JIRA-1 ticket again.
The existing Event is updated with a new finding.
Ticket
The user adds new sensitive data to a ticket that already holds some sensitive data
The user adds the API key dcba1234 to the ticket JIRA-1 which already contains an API key abcd1234.
A new event is created.
Comment
The user adds sensitive data in a comment.
The user adds the credit card number 5678-8765-5678-8765 in a comment of the JIRA-1 ticket.
A new event is created.
Comment
The user duplicates sensitive data that already exists in a comment.
The user again adds the credit card number 5678-8765-5678-8765 in the same comment of the JIRA-1 ticket.
The existing Event is updated with a new finding.
Comment
The user adds new sensitive data to a comment that already has some sensitive data
The user adds the credit card number 8765-5678-8765-5678 to the comment of the JIRA-1 ticket. This comment already contains another credit card number 5678-8765-5678-8765
A new event is created.
Comment
The user adds sensitive data that already exists in a comment, to a new comment.
The user adds the credit card number 5678-8765-5678-8765 to another comment of the JIRA-1 ticket.
A new event is created.
Attachments
The user adds an attachment with sensitive data.
The user attaches a document called file which contains sensitive data to the JIRA-1 ticket.
A new event is created.
Attachments
The user adds a new attachment that contains sensitive data, which has already been reported.
The user adds an attachment that contains credit card number 5678-8765-5678-8765. This sensitive data has already been reported by Nightfall.
A new event is created since Nightfall treats each attachment to be unique, irrespective of the data it contains.
The user deletes a Jira ticket containing sensitive data.
The user deletes the JIRA ticket JIRA-1. This ticket contained sensitive data.
The related event is resolved automatically.
The user deletes a comment containing sensitive data.
The user deletes the comment for JIRA-1 ticket. This comment contained the credit card number 5678-8765-5678-8765.
The related event is resolved automatically.
The user deletes an attachment containing sensitive data.
The user deletes the document called file which contained sensitive data.
The related event is resolved automatically.
The user deletes a Jira ticket that contains sensitive data in the ticket, attachment, and comment.
The user deletes the JIRA-1 ticket. This ticket contained sensitive data in the ticket description, comment and attachment.
The related event is resolved only for the Jira ticket and the comment. Events for attachment must be resolved manually.
Page
The user adds sensitive data to a Notion page.
The user adds credit card number 4242-4242-4242-4242 to a Notion page called Card.
A new event is created.
Page
The user duplicates sensitive data that already exists on a Notion page.
The user adds credit card number 4242-4242-4242-4242 to the same page called Card.
The existing Event is updated with a new finding.
Page
Adds new sensitive data to a page that already holds some sensitive data
The user adds credit card number 2424-2424-2424-2424 to the Confluence page Card.
A new event is created.
Comment
Adds sensitive data in a comment.
The user adds credit card number 1243-1243-1243-1243 to the comment of a Notion page called Card.
A new event is created.
Comment
Duplicates sensitive data that already exists in a comment.
The user adds the credit card number 1243-1243-1243-1243 again to the same comment in the Notion page called Card.
The existing Event is updated with a new finding.
Comment
Adds new sensitive data to a comment that already has some sensitive data
The user adds credit card number 2143-2143-2143-2143 to the same comment on the Notion page called Card.
A new event is created.
Comment
Adds sensitive data that already exists in a comment, to a new comment.
The user adds a new comment to the Notion page called Card. This new comment contains credit card number 8686-6868-8686-6868
A new event is created.
Attachments
Adds an attachment with sensitive data.
The user attaches a document called file which contains sensitive data.
A new event is created.
Attachments
Adds a new attachment that contains sensitive data, which has already been reported.
The user attaches a document called file1. This file contains the same sensitive data that has already been reported in the file attachment.
A new event is created since Nightfall treats each attachment to be unique, irrespective of the data it contains.
Deletes a page containing sensitive data
The user deletes the Notion page called Card.
The related event is not resolved automatically.
Deletes or resolves a comment containing sensitive data.
The user deletes the comment containing credit card number 1243-1243-1243-1243 from the Notion page called Card.
The related event is not resolved automatically.
Deletes an attachment containing sensitive data.
The user deletes the document called file which contains sensitive data.
The related event is resolved automatically.
Deletes a Notion page that contains sensitive data in the page, attachment, and comment.
The user deletes the Notion page called Card. This page contained sensitive data in its content, attachment, and comment.
None of the events are auto resolved. You must manually resolve the events for page, comments, and attachments.
The user adds sensitive data to an existing document
The user adds credit card number 4242-4242-4242-4242 to a document Data.
A new event is created for the sensitive credit card data added.
The user duplicates sensitive data that already exists in a document.
The user adds the credit card number 4242-4242-4242-4242 in the same document Data. The document called Data now has two instances of the same credit card number 4242-4242-4242-4242
The existing Event is updated with a new finding.
The user adds new sensitive data to a document which already holds some sensitive data
The user adds credit card number 2424-2424-2424-2424 to the document Data
A new Event is created for the newly added sensitive data.
The user adds an existing sensitive data to a new document
The user adds credit card number 4242-4242-4242-4242 in another document New Data.
New Event Created since sensitive data is added to another file.
The user adds new sensitive data to a new document
The user adds credit card number 1212-1212-1212-1212 to a document New Data
New Event Created for the sensitive credit card data added.
The user deletes sensitive data from a file
The user removes credit card number 4242-4242-4242-4242 from the document Data.
The Event is automatically resolved.
The user deletes the document containing sensitive data without removing the sensitive data present in it.
The user deletes the file Data.
The Event is not resolved automatically.
The user sends a message with sensitive data.
Tom sends a message with credit card number 1234-4321-1234-4321 to Steve.
A new event is created.
The user forwards a message containing sensitive data to another chat or group.
Tom forwards the message containing credit card number 1234-4321-1234-4321 to Rick.
A new event is created.
The user edits a message and duplicates an existing sensitive data.
Tom edits the message sent to Steve with credit card number 1234-4321-1234-4321. He duplicates the existing credit card number.
No change to the event.
The user sends a document with sensitive data
Tom sends a message with an attachment to Steve. This attachment contains credit card number 4321-12344321-1234
A new event is created.
The user sends a document with multiple instances of sensitive data.
Tom sends a message with an attachment to Rick. This attachment contains 5 credit card numbers.
A single event is created with multiple findings. The number of findings is equal to the instances of sensitive data.
The user edits a message that has no sensitive data and adds sensitive data to it.
Tom edits a message sent to Steve, previously. This message did not have any sensitive data, but after the edit Tom added credit card number 5678-8765-5678-8765 to the message.
No new event created.
The user edits a message with sensitive data and adds new sensitive data to it.
Tom edits the message sent to Steve with credit card number 1234-4321-1234-4321. He now adds another credit card number 8989-9898-8989-9898 to the message.
No new event created.
The user edits and removes the sensitive data or deletes the entire message containing sensitive data
Tom deletes the message sent to Steve that contained the credit card number 1234-4321-1234-4321
The event is automatically resolved.
The user deletes a document with sensitive data.
Tom deletes the attachment sent in a message to Steve. This attachment contained credit card number 4321-12344321-1234
The event is not resolved automatically.
To learn about how GitHub handles Deduplication and Auto Resolve, click here.
The user adds confidential information to an existing document
The user adds credit card number 4242-4242-4242-4242 to a document called Data.
A new event is created for the sensitive credit card data added.
The user duplicates sensitive data that already exists in a document.
The user adds the credit card number 4242-4242-4242-4242 in the same document Data. The document called Data now has two instances of the same credit card number 4242-4242-4242-4242
The existing Event is updated with a new finding.
The user adds new sensitive data to a document which already holds some sensitive data
The user adds credit card number 2424-2424-2424-2424 to the document Data
A new Event is created for the newly added sensitive data.
The user adds an existing sensitive data to a new document
The user adds credit card number 4242-4242-4242-4242 in another document New Data.
A new Event is created since sensitive data is added to another file.
The user adds new sensitive data to a new document
The user adds credit card number 1212-1212-1212-1212 to a document New Data
A new Event is created for the sensitive credit card data added.