Event Monitoring

Salesforce Event Monitoring

Monitor, Prevent, and Mitigate Threats to Sensitive Data

Name, Title Twitter | Email Digital Imperative: Staying Safe, Secure, and Compliant along with Innovation

Data Loss Threat Prevention Management

Transaction Customer Data Security Policies Privacy

User Behavior Industry Visibility Regulations Balancing Digital Innovation and Security can be Difficult

Lack of Behavior Visibility

Insider threats

YOUR External threats YOUR CUSTOMER COMPANY Audit & Compliance policies Salesforce Shield Encrypt, Monitor, and Audit critical Salesforce data

Add additional security to your sensitive data Monitor data access and enforce security policies

Drive adoption, increase productivity and reduce costs Enhance ROI, identify and improve key application usage patterns

Meet compliance and industry regulations at speed Create unified secure compliant dev experience with a click of a button

> 300B Encrypted transactions / month Event Monitoring Monitor, Prevent, and Mitigate Threats to Sensitive Data

Monitor user activity Know who is accessing data from where with real-time streaming and 6 months of event history.

Enhance security Define Transaction Security policies using declarative condition builder or apex code to prevent and mitigate any threats. Drive user adoption Analyze user behavior to drive training and adoption of Salesforce.

Optimize performance Proactively identify bottlenecks and high demand pages to improve user experience Event Monitoring - Key Components

Event Monitoring

Event Log File Real time Transaction Threat Detection Monitoring Monitoring Security Event Monitoring with Event Log Files

Add visibility to your Salesforce data

View app performance using Event files Download and view API accessible 49 critical event alerts on an hourly or daily basis.

Boost user productivity Increase your user productivity by assessing page load times, installed packages, API usage and remove any user bottlenecks.

Visualize event patterns with Einstein Analytics Get insights into your app’s security, adoption and performance using out of the box 16 inbuilt Monitor dashboards. 50 critical events Real-Time Event Monitoring Monitor your app security and performance in real time

Monitor 16 critical events real time Subscribe to platform event alerts real time to view your app security and performance.

Apply transaction security policies Enhance your security with custom security policies using clicks or code.

Detect threats proactively Identify threats in real time using Threat detection feature.

Store and query events upto 6 months Store events and query using SOQL or Async Monitor SOQL for compliance and audit purposes. 16 critical events Transaction Security

Enhance Security with custom security policies

Define security policies with clicks or code Define transaction security policies using declarative condition builder or Apex.

Prevent data loss Design use case specific custom security policies to respond to insider threats and stop your data from leaving your organization’s boundaries.

Proactively respond to threats Setup notifications to proactively respond to alerts with custom code. Generally Available *New* Threat Detection for Core Salesforce Now Identify and surface unknown threats

Surface unknown threats Gain unprecedented visibility into unknown threats like credential stuffing and session hijacking using machine learning.

Investigate threats View threat details using UI or API calls and create threat reports.

Remediate and provide feedback Take actionable steps for identified threats using built in tools and provide feedback.

Salesforce Care

Report Anomaly Detects insider threats, that may lead to data exfiltration

Credential Stuffing Detects login compromise attempts, that may result in user identity takeover.

Session Hijacking Detects user session compromise, leading to further attacks, including information loss. Event Monitoring Use Cases

User & Application Data Loss Productivity & Performance Visibility Prevention Adoption Monitoring

Monitor & Audit Protect sensitive data Improve user Get Real Time behavior for governance from internal as well as productivity & adoption performance insights and compliance external threats using by analyzing workflows like page load times, regulations custom security and removing API usage & granular policies bottlenecks execution data Tap into a Strategic Ecosystem of Partners for Insights Explore the benefit of using your existing analytics and visualization tools

3rd Party Integrations Tools

*Premium Partner Learn Event Monitoring with Trailhead

Event Enhanced Event Monitoring Monitoring Transaction Security Analytics App

Improve User Performance With Real-Time Event Monitoring

Proactively identifies website and application IT issues by monitoring service cases

Provides real-time visibility via detailed performance dashboards for developers to action accordingly

Improves customer satisfaction & user experience with the ability to communicate between service and IT departments

Saves developers’ time and resources with eight 3rd party data sources connected into a single source of truth

+18 <1 min 100% CSAT point time to identify issues detection rate for improvement in production Priority 1 issues

SERVICE APPS SECURITY “We’re actually able to motivate people to use Salesforce more because we can show the value of increased usage through sales numbers” Amit Ramakrishnan, Business Manager

+

Tri-K Gain Visibility into Their Salesforce Usage with Event Monitoring and FairWarning Leading manufacturer of specialty ingredients in the highly competitive cosmetics industry Needed to drive revenue through Salesforce utilization and protect against potential data loss Deployed Event Monitoring + FairWarning to improve sales performance and offboarding process Able to model high sales performers, increase Salesforce adoption, and reduce data loss risk

Industry: Financial Services; Tech Segment: CBU “With Transaction Security, we are able to take real-time actions on user behavior to further bolster our compliance and governance” Matthew Doughty, GTM of Technology, ASX

ASX breaks barriers for growth and customer success One of the world’s top exchanges with 6.7 million shareowners and $47 trillion in derivatives Moved private customer and trade data hosted in 17 disparate systems to Salesforce Needed to oversee 500+ users accessing hundreds of regulated and competitive info daily Can respond to suspicious usage real-time with Transaction Security, while focusing on global growth

Industry: Financial Services; Tech Segment: CBU “We run 90% of our business on Salesforce. Shield gives us the intelligence to safeguard our data and create unique customer value.” Franck Fatras, CTO, LendingPoint

Event Monitoring insights help deliver flexible loans securely A rapidly growing direct lender offering fast, fairly-priced personal loans to underserved consumers Needed granular visibility into how millions of financial and PII data is accessed by their users Implemented pro-active monitoring dashboard exposing abnormal usage behavior on a daily basis Established secure usage policies and prepared for rigorous PCI Compliance review while focusing on rapid growth and expansion “Event Monitoring gave us critical user insights in an afternoon, helping to grow our business.” Bryan Yeung, Sr. Manager, Sales & Marketing

+

SolarCity shines light on business insights with Event Monitoring Largest provider of solar power systems and financing in U.S. is seeing tremendous growth Adding up to 200 Salesforce users per week; needed visibility into adoption and performance Deployed Event Monitoring + Splunk to understand usage patterns and boost security Increased adoption of Salesforce1 Mobile app, and improved efficiencies with greater insights

Industry: Manufacturing Segment: CBU VP of IT Improve support with greater insight into the health of your applications

How is my application performing? How can I improve user experience? Where do I have technical debt? Security Officer Identify user actions that may compromise the security of your data

Who is logging in and from where? Who views sensitive data and exports records? Are we compliant with regulatory requirements? Business Managers Understand usage to optimize your teams and processes

How often is my team using the app? How do people use the mobile app? How can we prevent data leaked to competitors? What Kind of Log Files? 49 Event Types supported

1. APEX CALLOUT 18. DOCUMENT ATTACHMENT DOWNLOADS 35. QUEUED EXECUTION

2. APEX EXECUTION 19. EXTERNAL CROSS-ORG CALLOUT 36. REPORT

3. APEX REST API 20. EXTERNAL CUSTOM APEX CALLOUT 37. REPORT EXPORT

4. APEX SOAP 21. EXTERNAL ODATA CALLOUT 38. REST API

5. APEX TRIGGER 22. INSECURE EXTERNAL ASSETS 39. SANDBOX

6. APEX UNEXPECTED EXCEPTION 23. KNOWLEDGE ARTICLE VIEW 40. SEARCH

7. API 24. LIGHTNING ERROR 41. SEARCH CLICK

8. ASYNCHRONOUS RUN REPORT 25. LIGHTNING INTERACTION 42. SITES

9. BULK API 26. LIGHTNING PAGE VIEW 43. TIME-BASED WORKFLOW

10. CHANGE SET OPERATION 27. LIGHTNING PERFORMANCE 44. TRANSACTION SECURITY

11. CONCURRENT LONG RUNNING APEX LIMIT 28. LOGIN 45. URI

12. CONSOLE 29. LOGIN AS 46. VISUALFORCE REQUEST

13. CONTENT DISTRIBUTION 30. LOGOUT 47. Analytics CHANGE

14. CONTENT DOCUMENT LINK 31. MDAPI OPERATION 48. Analytics INTERACTION

15. CONTENT TRANSFER 32. MULTI BLOCK REPORT 49. Analytics PERFORMANCE

16. CONTINUATION CALLOUT SUMMARY 33. PACKAGE INSTALL

17. DASHBOARD 34. PLATFORM ENCRYPTION Using EM: https://developer.salesforce.com/docs/atlas.en-us.api3rest.meta/api_rest/using_resources_event_log_files.htm SF Object Ref: https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_supportedeventtypes.htm Real-Time Event Coverage Spring ‘20 Release

Theme Event Name Use Case Features

Authentication LoginEvent Monitor / protect logins. Stream, Store, Policies

LogoutEvent Monitor user logouts via UI. Stream, Store

Identity Verification History Monitor and audit your org users’ identity verification attempts. Store

Admin Visibility LoginAsEvent Monitor what activities admins do when logged in as other users, by Stream, Store correlating this event with other events from the session. CRUD on LightningURIEvent Monitor Create, Read, Update, Delete [CRUD] of Objects in Lightning Stream, Store. individual UI. objects Monitor performance of Lightning Pages. UriEvent (Classic UI) Monitor Create, Read, Update, Delete [CRUD] activities on Objects in Stream, Store Classic UI. Real-Time Event Coverage Spring ‘20 Release

Theme Event Name Use Case Features

Mass data access ApiEvent Monitor / protect all API queries, number and individual records in a Stream, Store, /export query. Policies ListViewEvent Monitor / protect what data users access using ListViews. Stream, Store, Policies

ReportEvent Monitor / protect what data users access or export using Reports. Stream, Store, Policies Mobile Security MobileEmailEvent Monitor users email activity in mobile app. Stream

MobileEnforcedPolicyEvent Monitor enforcement of Enhanced Mobile Security policy events on Stream first launch of the mobile app and user rechecks. MobileScreenshotEvent Monitor user screenshots in mobile app. Stream

MobileTelephonyEvent Monitor user phone calls and text messages in mobile app. Stream

Documentation link: https://developer.salesforce.com/docs/atlas.en-us.platform_events.meta/platform_events/platform_events_objects_monitoring.htm