In this final stage, you assign a name to the policy, verify your configurations, and create the policy.
Enter a name for the policy.
(Optional) Enter a description for the policy.
Choose the Policy risk score. By default, the risk score is set to Nightfall Risk Score. If required, you can set it to Custom Risk Score and select one of the risk levels. To learn more about risk scoring, refer to the Risk Scoring document.
Click Next.
Verify if all the policy configurations are set up as per your requirements.
(Optional) Click Back or click on any specific stage to modify any of the policy configurations.
Click Submit.
Nightfall can monitor all your Confluence spaces for sensitive data. However, you can choose to monitor only specific spaces. Additionally, whether you have chosen all the spaces or specific spaces for monitoring, Nightfall allows you to exclude specific pages within the selected spaces from being monitored. You can configure the required spaces, and the pages within those spaces, on the scope page.
To configure Policy Scope:
Click + Add Site and select a Confluence instance.
If you have configured only a single Confluence site, the configured site is automatically selected and you need not choose from multiple sites. If you wish to monitor multiple Confluence sites, you must create a separate policy for each site.
Once you choose the site, there are two configurations: Include In Monitoring and Exclude From Monitoring. The Include In Monitoring section allows you to choose specific Confluence Spaces for monitoring. The Exclude From Monitoring section is optional and allows you to exclude specific pages within the selected Spaces from being monitored.
By default, all the Spaces are selected for monitoring. To choose only a specific set of Space(s) to be monitored, you must click the Choose Spaces radio button.
Once you select the Choose Spaces option, a new search field is displayed. This field lists all the Confluence Spaces configured in the selected Confluence site. You can choose the required Space(s).
This section allows you to exclude specific page(s) (from within the selected Space(s)) from being monitored by Nightfall for sensitive data. You can skip this section if you wish to monitor all the pages from the selected Space(s).
Nightfall lists all the pages from the selected Spaces in the drop-down menu. To exclude specific pages, select the required pages from the drop-down menu.
In this stage, you select the Integration for which the policy is created. In this case, the Confluence integration must be selected.
Click Policies from the left menu.
Click + New Policy.
Select Sensitive Data.
Select the Confluence integration.
This stage allows you to select notification channels if a policy violation occurs. The advanced settings page consists of the following configurations.
Admin Alerting: This section describes the process of setting alerts for Nightfall administrators when a policy violation is detected.
Automated Actions: This section describes the automated actions that can be taken when a policy violation is detected.
End-User Notification: This section describes the process of setting alerts for end users (a person whose action caused a violation) when a policy violation is detected.
The alerts configured in this section are created at the policy level. Policy-level alerts apply only to the policy on which they are configured. To configure an alert on all the Slack policies, you must configure alerts at the integration level. To learn more about how to configure integration-level policies for Slack integration, read this document.
The steps to configure alert channels for policy-level integration are the same as in the case of integration-level alerts. You can refer to this document for steps.
This section describes the various actions that Nightfall takes automatically when a violation is detected. You must turn on the toggle switch to enable an action. All the automated actions are permanent and cannot be reversed once applied. You can also set the timeline as to when an action must be taken (immediately after detecting a violation or after some time).
The various automated actions are described as follows.
Delete: This action deletes the Confluence page in which sensitive data is found.
Redact: This action redacts the sensitive data found on the Confluence page.
This section allows you to configure notifications to be sent to the end user whose actions triggered the violation.
Custom Message: Enter a custom message to be sent to the end user. This message is sent in an Email. You can modify the default message provided by Nightfall and draft your message. The total character length allowed is 1000 characters. You can also add hyperlinks in the custom message. The syntax is <link | text >. For example, to hyperlink www.nightfall.ai with the text Nightfall website, you must write <www.nightfall.ai|Nightfall website>.
Automation: You can select Email, Slack, or both as the automated notification method. You must turn on the toggle switch to use this option. Based on the options selected, end users receive the notification at the Email account associated with JIRA, or at the configured Slack account.
End-User remediation (also known as Human Firewall) allows you to configure remediation measures that end users can take when a violation is detected in their JIRA environment. You must turn on the toggle switch to use this option. The available options are as follows.
Redact: This action redacts all the sensitive information found in the Confluence pages. To allow end-users to implement this action, you must disable it from the Automated Actions section.
Delete: This action deletes the pages that contain sensitive information. To allow end-users to implement this action, you must disable it from the Automated Actions section.
Report as False Positive with Business Justification: This option allows end users to report false positive alerts and provide a business justification as to why the alert is considered to be false positive.
Report as False Positive: This option allows end users to report false positive alerts.
When a Violation is Reported as False Positive: You can use this option to set actions to be taken when a violation is reported as false positive by the end-user. You can either set the remediation to be automatic or manual.
Remind Every (until Violation expires): You can use this option to set a reminder for the end-user to take action on the violation. You can choose to remind the end user every 24, 48, or 72 hours.
In this section, you can select the detection rules for the policy. If the detection rules are not already created, you can create them. To learn more about how to configure detection rules, see Configuring Detection Rules.
You can use the search bar to search for a detection rule by its name.
Once the required detection rules are displayed, you can select the required detection rules by ticking the respective check box. When you select any detection rule, you can view three options.
These three options are related to the display of detection rules.
All Detection Rules: This option displays all the available detection rules, irrespective of the detection rule(s) selected.
Selected Detection Rules: This option displays only those detection rules that you have selected.
Unselected Detection Rules: This option displays only those detection rules that you have not selected.
Select the check box(es) of all the detection rules you wish to include in the policy. The policy evaluates only those detection rules that you have selected here. Once you select all the required detection rules, click Next to move to the next stage.
DLP policies are a set of rules that include specific conditions, actions, and exceptions that monitor and filter data. DLP policies also enable you to remediate any leakage of sensitive information from within your organization.
You can set up policies to scan data that is sent through some or all applications within your organization.
You can configure policies and choose to not apply them all the time.
Before you define a policy, or a set of policies, we recommend that you define the objectives of each policy, which can then be fulfilled when you configure the policy.
Here are a few important questions to ask before configuring your policies:
What data do you plan to monitor?
Where within the organization do you want to monitor?
What should be the scope of each policy?
What conditions must apply for the policy to match?
What exceptions/exclusions can be allowed?
What remediation actions should the policy take?
You can now configure policies on the Confluence integration to determine which workspaces and pages must be monitored, and which ones excluded. You can also automate the remediation actions that you want Nightfall to perform on a policy violation.
Configuring DLP policies on Confluence involves the following steps: