Nightfall customers have always lauded the platform’s ease of use and simplicity, but our team is always hard at work looking for ways to improve user experience. This month, we’ve made multiple features GA across the platform, that will further your ability to further customize what content and files trigger Nightfall detectors as well as the ways you can ingest this data.
Find & monitor specific files based on name, fingerprint or MIME content type
We’ve introduced three new features that will help users monitor specific files or file content types that they can specify when choosing detectors and building detector rules. All of these features will help teams save precious time, by building highly granular detection rules that automatically find the things you want.
- File fingerprint detector: Through the detector tab, users can create an “exact file match” detector (aka a file fingerprint). This can be accomplished by creating a new detector under the Detector tab. From there, you’ll be asked to upload the file(s) you wish to fingerprint (limited to 25Mb per file). File fingerprinting is a useful way to monitor specific files that you know are sensitive, without having to sift through alerts to identify what the file’s sensitive contents are and where within the file they’re located, saving you and your team time.
- Detection within file Names: Within the Detection Rules tab, users can now specify whether they want Nightfall’s detection scope to be within files or limited to file names (or both). This will allow you to more narrowly focus on identifying files with a specific extension in their names, or files with specific naming conventions and schema. This again is intended to make it easier for you to search and monitor the specific types of content you know are sensitive, in order to save you time.
- MIME file type detection: Users can now create their own media file detectors by specifying MIME types when creating a new detector in the Detector tab of the platform. Build out detectors to specifically search for content like images, web documents, code, and more.
Out-of-the-box HTTP headers & enhanced reporting and filtering for webhook users
We’ve also built out two other features that will make using Nightfall’s SIEM integration and report sorting functions much easier.
- HTTP Headers for Webhook Alerts: When configuring webhooks to export alerts to your SIEM or other alerting and response platforms, you can now configure webhooks by adding custom HTTP headers, allowing you to pass authentication tokens and other parameters through the webhook. Sensitive entries can be masked. These features are intended to make integrating with enterprise SIEM and alerting tools easy and painless.
- Webhook Alerts Findings Schema: Users can now more easily ingest alerts within their SIEM or alerting and response platform, as we’ve standardized all out of the box reporting and filters across all integrations. This addition comes with new integration specific metadata, allowing you to extract and analyze findings with ease. You can now also list up to 1000 findings per alert for detailed downstream reporting.
All of these updates are intended to ensure the Nightfall platform continues to simplify your security workflows, by providing you tools to automatically parse specific files and file types for sensitive content and provide detailed analytics for your security team. If you’re interested in learning more about Nightfall, learn more about our product integrations from the product menu above or scroll down below to schedule a meeting with us.