Trigger

Once you zero in on the policy Scope to the required devices and originating domains, you must now define the trigger actions that can be termed as exfiltration events.

Nightfall provides you with three types of triggers that you can set as exfiltration events.

  • Browser Uploads: In this section, if an asset is uploaded through a browser to an online portal (for example, a social media website), you can define such events as exfiltration events.

  • Cloud Syncing: In this section, if an asset is uploaded to an online cloud store application (for example, Google Drive), you can define such events as exfiltration events.

  • Clipboard Paste: In this section, if data is copied from a source and pasted to a destination, you can define such events as exfiltration events.

The steps to use the above triggers are elaborated in the following sections.

Browser Uploads

Ensure that you have configured domain collections before using the browser uploads option.

To monitor browser uploads:

  1. Select the Browser uploads to option.

  1. Select one of the following options.

  • Any Domain: If you select this option, Nightfall monitors your uploads done to any domain on the Internet.

  • Domain in: If you select this option, you must additionally also select the domain collections created in the domain collections section. Nightfall monitors the uploads done to all the domains that belong to the selected domain collections.

Once you select a domain collection, it is displayed on the screen and greyed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.

  • Domain Not in: If you select this option, you must additionally also select the domain collections created in the domain collections section. Nightfall does not monitor the uploads done to all the domains that belong to the selected domain collections.

Once you select a domain collection from the drop-down menu, it is displayed on the screen and grayed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.

Cloud Sync App Uploads

In this option, you can either choose to monitor uploads done to every cloud sync app or select specific cloud sync apps to which the uploads must be monitored.

  1. Select the Cloud Syncing option.

  2. Select one of the following options.

  • Any Storage Apps: If you select this option, Nightfall monitors the uploads done to every cloud sync storage application.

  • Specific Storage App(s): If you select this option, you must additionally select the storage apps. Nightfall monitors the uploads done to the selected storage apps.

Once you select a cloud storage application from the drop-down menu, the selected option is displayed on the screen and grayed out from the drop-down menu. You can use the drop-down menu to select additional cloud storage apps.

Clipboard Paste

In this option, you can choose to monitor the copy/paste actions performed by end-users. If end-users copy some data and paste it to unsanctioned locations.

Apart from text data, Nightfall can also detect non-text clipboard content, including images and screenshots. Clipboard Paste trigger uses the optical character recognition (OCR) technology in combination with Nightfall detectors to prevent the exfiltration of sensitive data present in visuals like copied screenshots, scanned documents, or copied images from web browsers.

Use cases

  • A typical example of this trigger can be a scenario in which an end-user copies an API key and pastes it in a prompt in ChatGPT/Deepseek or any other Gen AI apps while attempting to generate a piece of code.

  • An employee attempting to capture a screenshot of dashboards, reports, or customer data from sensitive SaaS apps into unsanctioned destinations.

To enable the Clipboard Paste trigger:

  1. Select the Paste To option.

  2. Select one of the following options.

    1. Any Domain: If you select this option, Nightfall monitors your paste actions performed on any domain on the Internet.

    2. Domain in: If you select this option, you must additionally also select the domain collections created in the domain collections section. Nightfall monitors the uploads done to all the domains that belong to the selected domain collections. The process of domain selection remains the same as demonstrated in the case of the#Browser Uploads section.

    3. Domain Not in: If you select this option, you must additionally also select the domain collections created in the domain collections section. Nightfall does not monitor the uploads done to all the domains that belong to the selected domain collections.

Once you select a domain collection from the drop-down menu, it is displayed on the screen and grayed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.

If end-users attempt to paste content, once you enable the Clipboard Paste trigger, they receive an error message as shown in the following image.

Last updated

Was this helpful?