A lightweight endpoint DLP scanner that monitors and scans files in real time for sensitive data using Nightfall's data loss prevention APIs.
This tutorial shows how to build a lightweight endpoint DLP scanner that scans files on your device in real time for sensitive data such as PII and secrets, using Nightfall's data loss prevention APIs.
This tool is designed for security professionals and developers who want to detect and prevent data exfiltration by scanning files on endpoint devices for sensitive information such as PII and secrets. It is ideal for real-time monitoring on local machines or EC2 instances to enhance data security and compliance.
This tutorial assumes a Mac environment but can be adapted to other operating systems with minor changes. Users must securely manage Nightfall API credentials as environment variables. The asynchronous scanning model requires a publicly accessible webhook endpoint, which tools like ngrok can provide during development.
Create a requirements.txt file with the following dependencies: nightfall, Flask, Gunicorn, watchdog
Run `pip install -r requirements.txt` to install dependencies
Obtain Nightfall API Key and Webhook Signing Secret from the Nightfall Dashboard
Set Nightfall API Key and Webhook Signing Secret as environment variables
Run the Python services to start monitoring and webhook server
`pip install -r requirements.txt`: Installs all required Python dependencies for the endpoint DLP tool.
Run the Python watchdog service: Starts monitoring file system events to detect file creations or modifications.
Run the Flask webhook server: Starts the webhook endpoint to receive and process scan results asynchronously from Nightfall.
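Because the webhook endpoint is publicly reachable, the server should reject any request it cannot authenticate with the Webhook Signing Secret before acting on scan results. The following is an added example, not code from the original tutorial or from Nightfall: it assumes the signature is a hex HMAC-SHA256 over `timestamp:body` keyed with the signing secret, a five-minute freshness window, and a hypothetical environment variable name; confirm the exact scheme and header names in Nightfall's documentation.

```python
import hashlib
import hmac
import os
import time

MAX_SKEW_SECONDS = 300  # assumed replay window, not a documented Nightfall value


def sign(secret: str, timestamp: str, body: bytes) -> str:
    """Hex HMAC-SHA256 over b"<timestamp>:<body>" (assumed signing scheme)."""
    message = timestamp.encode() + b":" + body
    return hmac.new(secret.encode(), message, hashlib.sha256).hexdigest()


def verify_webhook(secret, timestamp, signature, body, now=None):
    """Return True only for a fresh request whose raw body matches its signature."""
    if not secret or not timestamp or not signature:
        return False  # fail closed on a missing secret or header
    try:
        sent_at = int(timestamp)
    except ValueError:
        return False
    now = time.time() if now is None else now
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated: treat as a replay
    expected = sign(secret, timestamp, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    # Constructed demo values; in the real service the secret comes from the
    # environment (variable name is hypothetical) and is never hard-coded.
    secret = os.environ.get("WEBHOOK_SIGNING_SECRET", "constructed-demo-secret")
    body = b'{"example": "constructed payload"}'
    ts = str(int(time.time()))
    good = sign(secret, ts, body)
    print("valid request:    ", verify_webhook(secret, ts, good, body))
    print("tampered body:    ", verify_webhook(secret, ts, good, body + b" "))
    print("replayed (1h old):", verify_webhook(secret, ts, good, body, now=time.time() + 3600))
```

In a Flask handler, pass the raw request bytes (`request.get_data()`) rather than re-serialized JSON, since any change in whitespace or key order changes the HMAC.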