Detection Rules /   DETECTION RULE
Generate Code Validate Data Nightfall Console  

Secrets & Credentials

This is a DLP detection rule template that you can implement easily in the Nightfall platform.

Description: Aims to prevent the exposure of credentials.
Logical operator: ANY i.e. This rule will evaluate to TRUE if any of the Detectors meet their criteria below.

Detectors in this Detection Rule

Detector Minimum Confidence Minimum Number of Findings Scope
API Key VERY_LIKELY 1 content
Cryptographic Key VERY_LIKELY 1 content
Database Connection String VERY_LIKELY 1 content
Password VERY_LIKELY 1 content

Used in These Policies

Detect Sensitive Data Per ISO 27001 in Google Drive (US) and Notify

This policy enforces broad protection of sensitive assets in GDrive in compliance with ISO2 70001.

Google Drive
Detect and Remediate Secrets in Confluence

Detect and automatically remediate secrets shared in Confluence

Confluence
Detect Secrets in Slack and Notify

This policy enables you to detect secrets such as API keys in your Slack workspace and automatically notify the end-user to self-remeidate the issue.

Slack
Detect Secrets in Jira and Notify

Detect and automatically notify when secrets such as API keys are found in Jira

Jira
Prevent Sharing of Secrets with ChatGPT

Detect and automatically block secrets such as API keys from being shared with ChatGPT

ChatGPT
Detect Secrets in GitHub and Notify

Detect and automatically notify when secrets such as API keys are found in GitHub

GitHub
Detect Secrets in Salesforce and Notify

Detect and automatically notify when secrets such as API keys are found in Salesforce

Salesforce
Detect Secrets in Zendesk and Notify

Detect and automatically notify when secrets such as API keys are found in Zendesk

Zendesk
Detect Secrets in Microsoft Teams and Notify

Detect and automatically notify when secrets such as API keys are found in Microsoft Teams

Microsoft Teams
Detect Secrets in Microsoft OneDrive and Remediate

Detect and automatically notify when secrets such as API keys are found in OneDrive accessible outside the organization or via public link. Automatically restrict access to the Owner.

Microsoft OneDrive
Detect Secrets in Notion and Remediate

Detect and automatically redact when secrets such as API keys are found in Notion

Notion
Monitor bulk downloads of Secrets from Google Drive

Detect when a user downloads more than 5 files containing secrets such as API keys in 24 hours

Google Drive
Prevent Sharing of Secrets via Gmail and Notify

Detect and automatically block secrets such as API keys from being shared via Gmail, Notify the user

Gmail
Detect Secrets in Text Payload and Redact

Detect and automatically redact when secrets such as API keys are found in a text scan.

API

Use Detection Rule via API

Read API Reference

curl --request POST \
     --url https://api.nightfall.ai/v3/scan \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer  REPLACE-WITH-YOUR-KEY' \
     --header 'Content-Type: application/json' \
     --data '
{
     "policy": {
          "detectionRules": [
               {
                    "detectors": [
                         {
                              "minNumFindings": 1,
                              "minConfidence": "VERY_LIKELY",
                              "displayName": "API Key",
                              "detectorType": "NIGHTFALL_DETECTOR",
                              "nightfallDetector": "API_KEY"
                         },                         {
                              "minNumFindings": 1,
                              "minConfidence": "VERY_LIKELY",
                              "displayName": "Cryptographic Key",
                              "detectorType": "NIGHTFALL_DETECTOR",
                              "nightfallDetector": "CRYPTOGRAPHIC_KEY"
                         },                         {
                              "minNumFindings": 1,
                              "minConfidence": "VERY_LIKELY",
                              "displayName": "Database Connection String",
                              "detectorType": "NIGHTFALL_DETECTOR",
                              "nightfallDetector": "DATABASE_CONNECTION_STRING"
                         },                         {
                              "minNumFindings": 1,
                              "minConfidence": "VERY_LIKELY",
                              "displayName": "Password",
                              "detectorType": "NIGHTFALL_DETECTOR",
                              "nightfallDetector": "PASSWORD_IN_CODE"
                         }
                    ],
                    "name": "My Inline Detection Rule",
                    "logicalOp": "ANY"
               }
          ]
     },
     "payload": [
          "INSERT 1+ PAYLOAD(S)",
          "INSERT 1+ PAYLOAD(S)"
     ]
}
'

          import requests
          import json

          api_key = "REPLACE-WITH-YOUR-KEY"
          url = "https://api.nightfall.ai/v3/scan"

          headers = {
              "Accept": "application/json",
              "Authorization": f"Bearer {api_key}",
              "Content-Type": "application/json"
          }

          payload = {
              "policy": {
                  "detectionRules": [
                      {
                          "detectors": [
                              {
                                  "minNumFindings": 1,
                                  "minConfidence": "VERY_LIKELY",
                                  "displayName": "API Key",
                                  "detectorType": "NIGHTFALL_DETECTOR",
                                  "nightfallDetector": "API_KEY"
                              },
                              {
                                  "minNumFindings": 1,
                                  "minConfidence": "VERY_LIKELY",
                                  "displayName": "Cryptographic Key",
                                  "detectorType": "NIGHTFALL_DETECTOR",
                                  "nightfallDetector": "CRYPTOGRAPHIC_KEY"
                              },
                              {
                                  "minNumFindings": 1,
                                  "minConfidence": "VERY_LIKELY",
                                  "displayName": "Database Connection String",
                                  "detectorType": "NIGHTFALL_DETECTOR",
                                  "nightfallDetector": "DATABASE_CONNECTION_STRING"
                              },
                              {
                                  "minNumFindings": 1,
                                  "minConfidence": "VERY_LIKELY",
                                  "displayName": "Password",
                                  "detectorType": "NIGHTFALL_DETECTOR",
                                  "nightfallDetector": "PASSWORD_IN_CODE"
                              }
                          ],
                          "name": "My Inline Detection Rule",
                          "logicalOp": "ANY"
                      }
                  ]
              },
              "payload": [
                  "INSERT 1+ PAYLOAD(S)",
                  "INSERT 1+ PAYLOAD(S)"
              ]
          }

          response = requests.post(url, headers=headers, data=json.dumps(payload))
          print(response.status_code)
          print(response.json())

Secrets & Credentials Detection Rule Validator

Input any text to validate or test. The default minimum confidence is set to "Possible".