Creating Detection Rules

You can define Detection Rules “inline” in the body of each request to the scan endpoint. See the example in the walk through of the scan endpoint Creating an Inline Detection Rule.

You can also use the Nightfall UI > Detection Engine > Detection Rules to predefine your Detection Rules. Once you have created a Detection Rule, you will receive a UUID, which you can pass in as part of your API request payloads.

You may add up to 50 detectors to your detection rule.

To create a Detection Rule in the Nightfall UI, Select "Detection Rules" from the left hand navigation.

Click the + New Detection Rule button in the upper right hand corner.

The Nightfall Detection Rules pageThe Nightfall Detection Rules page

The Nightfall Detection Rules page

First, enter a name for your Detection Rule as well as an optional description.

Creating a New Detection RuleCreating a New Detection Rule

Creating a New Detection Rule

Then click the + Detectors button to add Detectors to your Detection Rule.

Selecting Detectors for a Detection RuleSelecting Detectors for a Detection Rule

Selecting Detectors for a Detection Rule

In this example we have selected the US drivers license and Canada Government ID detectors.

Click the Confirm button in the lower right hand corner when you are done adding detectors.

The Detector selection Confirm buttonThe Detector selection Confirm button

The Detector selection Confirm button

Now that your Detectors are set, choose a minimum confidence level and a minimum # of findings for each detector.

If these minimums for a Detector are not met, the Detection Rule will not be triggered.

Setting confidence levels and minimum findings for a Detection RuleSetting confidence levels and minimum findings for a Detection Rule

Setting confidence levels and minimum findings for a Detection Rule

Save your Detection Rule in the lower left hand corner once you are done.

Once the Detection Rule is saved, it is available for use in requests to the Nightfall API to scan your data for sensitive information. Pass in the provided UUID in the detectionRuleUUIDs field of your request.

See Using Pre-Configured Detection Rules for an example.

Copying a UUID for a Detection RuleCopying a UUID for a Detection Rule

Copying a UUID for a Detection Rule