Configuring Policies
Last updated
Last updated
The Exfiltration policies for MAC allow you to monitor if there are any uploads via browser or cloud storage apps. You can configure the domains in Internet that needs to be monitored and also the cloud storage apps which need to be monitored.
When there are any uploads to the configured domain or cloud storage apps, the Nightfall AI agent notifies this action. You can configure the notification channels through which you wish to receive notifications when there is an attempt to upload files/folders.
Once you have completed the installation of Nightfall agent, you must ensure that the connection is live. If the Nightfall agent cannot connect to the macOS device for more than 6 hours, the connection is closed. When the connection is live, a Connected message is displayed. If the connection is lost, Disconnected message is displayed.
Collections help you refine you monitoring to reduce noise from sanctioned upload destinations as well as closely monitor exfiltration of files originating from high value SaaS applications accessed through the browser. You can also define specific domain collections to closely monitor upload activity to specific categories of upload destinations. For instance, to track files uploaded to social media, you can create a domain collection called social media and add domains like Facebook, Instagram, Twitter, and so on. Similarly, you create a collection for known and sanctioned upload destinations that are safe to upload to so you can ignore from your monitoring policies or monitor upload of items originating from such domains. While creating a policy, you can directly add the collection to be monitored. All the domains in the collection will be monitored.
You can create a domain by either manually entering all the domain URLs manually or by uploading a comma delimited list of domains in a text file.
To group domains:
Log in to the Nightfall app.
Navigate to Integrations from the left menu.
Click Manage on the macOS integration.
Click the Domains tab.
Click + New Collection.
You can either add the domains manually or upload a text file containing the list of domains. The following section has two tabs. The first explains the process of manually adding domains and the second tab explains adding domains by uploading a file.
Click + Add Domain.
Enter a name for the Collection in the Collection Name field (Social media in the following image)
Enter a domain and hit the enter key (facebook.com in the following image).
(Optional) Click + Add Domain to add multiple domains to the collection.
(Optional) Click the delete icon to delete a domain.
Click Save Changes.
The detailed steps to configure the MAC device Exfiltration policy is explained in the following documents.