Nightfall Exfiltration for Salesforce
Nightfall Exfiltration for Salesforce helps you to keep tab of the exfiltration activities in your Salesforce orgs. Nightfall leverages Salesforce Shield Real Time Event Monitoring for exfiltration activities across your Salesforce orgs and identifies activities which are in violation to configured policies.
Download of attachments, files, reports and bulk download of objects are all exfiltration event recognised by Nightfall. You can configure policies to set appropriate thresholds for such events and identify them as unwarranted that may require scrutiny. You may configure the policy to alert the stakeholders who need to be notified and choose one of the available actions to be invoked automatically. You may also choose not to configure automated actions but only act after evaluating the specific exfiltration events.
Prerequisites
Nightfall exfiltration leverages Salesforce Shield's Event Monitoring to identify exfiltration events. Salesforce Shield provides multiple security tools to safeguard your Salesforce orgs. Nightfall depends on Event Monitoring in Salesforce Shield which is available as an independent module within Salesforce Shield. You must enable the following Event Monitoring settings for all the Salesforce orgs that you wish to monitor,
Generate event log files - Generate an event log file when events occur in your org.
Enable Lightning Logger Events - Enable collection of Lightning Logger Events in custom components.
Enable the following events for storage and streaming
Bulk API Result Event - Track when a user downloads the results of a Bulk API request
File Event - Track file activity. For example, track when a user downloads or previews a file
Report Event - Track when a user accesses or exports data with reports
SessionHijacking Event - Track when an unauthorised user gains ownership of a Salesforce user’s session with a stolen session identifier
You can learn more about Salesforce Shield here and once enabled, advance to the next steps with Installing Nightfall DLP for Salesforce
If you have already onboarded your Salesforce org to Nightfall platform, please ensure you have the latest Nightfall DLP package deployed in your Salesforce org. Follow the steps mentioned in Upgrading Nightfall DLP to upgrade it to the latest version.
You must perform the above actions only on those Salesforce orgs in which the Salesforce Shield Event monitoring module is enabled.
Installation Doc Links
The installation procedure remains the same as in case of Salesforce DLP for sensitive data. The links to the installation and upgradation documents are as follows.
Last updated