1 of 1

Scope

The Scope section enables you to create an asset lineage based policy in which you can track the journey of an asset from source to destination.

Key Features of Lineage Based Policies

Security administrators can set precise exfiltration policies to protect sensitive files that originate from high-value SaaS locations from being exfiltrated to unsanctioned destinations
High performance security teams can focus their energy and resources on monitoring assets from high value SaaS domains.
By combining content download origin to upload destination, organizations can extend their monitoring to cover any cloud application accessed through the browser, even those without direct API integration.
Allows security teams to monitor and prevent data exfiltration not just through direct browser uploads but also through cloud storage sync applications, providing a multi-layered defense against data leaks.
With lineage-based policies, organizations can proactively identify and manage risks associated with sensitive content movement, ensuring compliance with data security standards and preventing potential breaches before they occur.

Configuring the Scope Page

The Scope page consists of two sections.

#device
#asset-origin

Device

By default, Nightfall monitors all the macOS devices configured in your org. However, you can choose to exclude specific macOS devices from being monitored.

If you have a long list of assets, you can search for an asset by entering the device ID of the asset.

Asset Origin

The Asset Origin filter allows you to limit the scope of the policy to only those assets which originated from a specific source. To use the asset origin filter, you must click Add Filter and select Asset Origin.

The Asset origin filter provides the following options:

Any Domain: If you select this option, Nightfall monitors the assets originated from any domain, present in any of the domain collections.
Domain in: If you select this option, you must additionally also select the domain collections, created in the domain collections section. In this case, Nightfall monitors only those assets that originated from a domain, which is a part of any of the selected domain collection(s).

Once you select a domain collection, it is displayed on the screen and greyed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.

Domain Not in: If you select this option, you must additionally also select the domain collections, created in the domain collections section. In this case, Nightfall does not monitor those assets that originated from a domain, which is a part of any of the selected domain collection(s).

Once you select a domain collection, it is displayed on the screen and greyed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.

Scope

The Scope section enables you to create an asset lineage based policy in which you can track the journey of an asset from source to destination.

Key Features of Lineage Based Policies

Security administrators can set precise exfiltration policies to protect sensitive files that originate from high-value SaaS locations from being exfiltrated to unsanctioned destinations
High performance security teams can focus their energy and resources on monitoring assets from high value SaaS domains.
By combining content download origin to upload destination, organizations can extend their monitoring to cover any cloud application accessed through the browser, even those without direct API integration.
Allows security teams to monitor and prevent data exfiltration not just through direct browser uploads but also through cloud storage sync applications, providing a multi-layered defense against data leaks.
With lineage-based policies, organizations can proactively identify and manage risks associated with sensitive content movement, ensuring compliance with data security standards and preventing potential breaches before they occur.

Configuring the Scope Page

The Scope page consists of two sections.

#device
#asset-origin

Device

By default, Nightfall monitors all the macOS devices configured in your org. However, you can choose to exclude specific macOS devices from being monitored.

If you have a long list of assets, you can search for an asset by entering the device ID of the asset.

Asset Origin

The Asset origin filter provides the following options:

Any Domain: If you select this option, Nightfall monitors the assets originated from any domain, present in any of the domain collections.
Domain in: If you select this option, you must additionally also select the domain collections, created in the domain collections section. In this case, Nightfall monitors only those assets that originated from a domain, which is a part of any of the selected domain collection(s).

Once you select a domain collection, it is displayed on the screen and greyed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.

Domain Not in: If you select this option, you must additionally also select the domain collections, created in the domain collections section. In this case, Nightfall does not monitor those assets that originated from a domain, which is a part of any of the selected domain collection(s).

Once you select a domain collection, it is displayed on the screen and greyed out from the drop-down menu. You can use the drop-down menu to select additional domain collections.