Creating Detection Rules

🚧

After 18th August 2024, this page would permanently be moved to a new location. You can access this page from a new URL which is present here. If you have saved or bookmarked the current URL, kindly update it with the new URL, since there will be no 301 redirect from the current URL to the new URL.

You can define Detection Rules “inline” in the body of each request to the scan endpoint. See the example in the walk-through of the scan endpoint Creating an Inline Detection Rule.

You can also use the Nightfall UI > Detection Rules to predefine your Detection Rules. Once you have created a Detection Rule, you will receive a UUID, which you can pass in as part of your API request payloads.

You may add up to 50 detectors to your detection rule.

To create a Detection Rule in the Nightfall UI, Select "Detection Rules" from the left hand navigation.

Click the + New Detection Rule button in the upper right hand corner.

The Nightfall Detection Rules page

The Nightfall Detection Rules page

First, enter a name for your Detection Rule as well as an optional description.

Creating a New Detection Rule

Creating a New Detection Rule

Then click the + Detectors button to add Detectors to your Detection Rule.

Selecting Detectors for a Detection Rule

Selecting Detectors for a Detection Rule

In this example we have selected the US drivers license and Canada Government ID detectors.

Click the Add button in the lower right hand corner at the end of the detector list when you are done adding detectors.

Now that your Detectors are set, choose a minimum confidence level and a minimum # of findings for each detector.

If these minimums for a Detector are not met, the Detection Rule will not be triggered.

Setting confidence levels and minimum findings for a Detection Rule

Setting confidence levels and minimum findings for a Detection Rule

Save your Detection Rule in the lower left hand corner once you are done.

Once the Detection Rule is saved, it is available for use in requests to the Nightfall API to scan your data for sensitive information. Pass in the UUID of the Detection Rule as the detectionRuleUUIDs field of your requests to the the scan endpoints.

The UUID may be obtained by clicking the "copy" icon, the left most icon in the set of icons that appear next to the Detection Rules name when your cursor highlights a Detection Rule in the list of Detection Rules.

See Using Pre-Configured Detection Rules for an example of using a Detection Rule UUID.

Copying a UUID for a Detection Rule

Copying a UUID for a Detection Rule