26 May 2015

Download Event Log Files Using the ELF Browser

Event Monitoring makes downloading application logs easy using the Salesforce API.

But what happens if you don't know how to use the API? Or you don't have an operating system that makes running a download script easy? Or you've never written a download script before? Or you just want to quickly download a newly generated file without messing around with code?

Introducing the Salesforce Event Log File Browser: https://salesforce-elf.herokuapp.com/.

This browser-based app, built by Abhishek Sreenivasa and the platform monitoring team, uses Ruby on Rails and is hosted on Heroku.

It's designed to enable administrators or developers, who just want to focus on the log data, to easily download an Event Log File without writing any code or setting up any integrations. This makes it perfect for both trying out Event Monitoring as well as getting started downloading log files.

The app is designed to be very simple. After logging into your production or sandbox organization using OAuth, you are presented with a list of downloadable files.

Because you may have up to thirty days of files, you can filter on both the date range and the file type to find specific files that you want to download.

You can choose to either download the file by selecting the green download action icon or you can get a jump start on a simple cURL script by selecting the light blue page action. The latter action was created to help bootstrap the integration effort. For instance, if an integration specialist asks how to create a script to automate the downloads on a daily basis, you could give them this script to help get them started.
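A sketch of what such a daily download script can look like, added here as an example; it is not the script the app generates. It builds the REST query for yesterday's `EventLogFile` records of one type and fetches each file body. The variable names `SF_INSTANCE_URL`, `SF_ACCESS_TOKEN` and `API_VERSION`, the default API version and the function names are assumptions.

```sh
#!/bin/sh
# Added example: daily Event Log File download over the REST API.
# Assumed names: SF_INSTANCE_URL, SF_ACCESS_TOKEN, API_VERSION (hypothetical);
# the access token comes from your own OAuth flow.
API_VERSION="${API_VERSION:-v33.0}"

# Letters and digits only, so the value cannot alter the SOQL statement.
valid_event_type() {
  case "$1" in ''|*[!A-Za-z0-9]*) return 1 ;; *) return 0 ;; esac
}

# Record Ids are 15 or 18 alphanumerics; reject anything else before it is
# used in a URL or an output file name.
valid_record_id() {
  case "$1" in *[!A-Za-z0-9]*) return 1 ;; esac
  [ "${#1}" -eq 15 ] || [ "${#1}" -eq 18 ]
}

# $1 = instance URL, $2 = event type. Prints the URL-encoded query URL.
query_url() {
  valid_event_type "$2" || return 1
  soql="SELECT Id,EventType,LogDate FROM EventLogFile WHERE LogDate = YESTERDAY AND EventType = '$2'"
  enc=$(printf '%s' "$soql" | sed -e 's/ /+/g' -e "s/'/%27/g" -e 's/=/%3D/g' -e 's/,/%2C/g')
  printf '%s/services/data/%s/query?q=%s\n' "$1" "$API_VERSION" "$enc"
}

# $1 = instance URL, $2 = record Id. Prints the URL of the CSV log body.
download_url() {
  valid_record_id "$2" || return 1
  printf '%s/services/data/%s/sobjects/EventLogFile/%s/LogFile\n' "$1" "$API_VERSION" "$2"
}

# Reads the compact JSON query response on stdin, prints one record Id per line.
extract_ids() {
  tr ',{}' '\n\n\n' | sed -n 's/^"Id":"\([A-Za-z0-9]*\)"$/\1/p'
}

# The token is handed to curl as a config on stdin, keeping it out of the
# process list and shell history.
auth_cfg() { printf 'header = "Authorization: Bearer %s"\n' "$SF_ACCESS_TOKEN"; }

# $1 = event type, e.g. Login. Writes <type>_<id>.csv into the current directory.
download_daily() {
  url=$(query_url "$SF_INSTANCE_URL" "$1") || return 1
  auth_cfg | curl -sS --fail -K - "$url" | extract_ids | while read -r id; do
    dl=$(download_url "$SF_INSTANCE_URL" "$id") || continue
    auth_cfg | curl -sS --fail -K - -o "${1}_${id}.csv" "$dl"
  done
}
```

Source the file and run `download_daily Login` from a scheduled job with both variables exported.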

The code for this app is available publicly on GitHub. You can log any issues you may encounter directly to this GitHub repo as well. The app is licensed under MIT licensing terms, so you're free to take the source code and modify it to meet your use case.

API-first features like Event Monitoring make it easy to create apps that meet a wide set of use cases. The Salesforce Event Log File Browser app is just one example.

While this browser doesn't take the place of an automated download script, it does simplify the trial experience and enables simple downloads of Event Log Files without writing any code or understanding how OAuth works. And because all organizations now have at least login and logout log file types, if not all twenty-nine types, anyone should be able to use it. Happy downloading!

12 May 2015

Security Monitoring 101

Normally, when I get on the phone with a customer, they’re familiar with the audit capabilities within Salesforce and we just discuss the Event Monitoring add-on. However, while on the phone the other day with an IT security professional, I realized that we needed to take a step back and review the different options around auditing and monitoring user activity before we could dig into the add-on value of Event Monitoring.

This post is designed as a high-level introduction to security monitoring to better understand some of the different options security professionals have to audit data and user actions within their organization.

In general, the topic of auditing user behaviors in Salesforce can be summed up in just a few key features:

|  | Audit Fields | Login History | Setup Audit Trail | Field History Tracking | Event Monitoring (Event Log Files) |
|---|---|---|---|---|---|
|  | Track who created or last modified a record by user and time | Track end-user logins and login attempts (e.g. failures) | Track administrative changes in setup like escalation of privileges or creation of new fields | Track state changes at the field level | Track a variety of server interactions including report exports, page views, and document downloads |
|  | Adam Torman modified the Acme account earlier today | Adam Torman logged in using Chrome v 42.0 on Mac OSX | Permission set Modify All Data: assigned to user Adam Torman | Adam Torman changed the Case status from Open to Closed | Adam Torman clicked on Marc Benioff’s patient record and downloaded the customer list |
|  | UI and API | UI (CSV Download) and API | UI Only (CSV download) | UI and API | API Only (CSV download) |
| [Profile or Sharing] Permissions Required | * Read / Query requires sharing access to parent record | Manage Users permission | * View Setup and Configuration permission | Configure requires Customize Application permission; * Read / Query requires sharing access to parent record | * View Event Log Files permission |
| Data Retention Policy | Life of the record | 6 months FIFO | 6 months FIFO | Up to 10 years | Up to 30 days |
|  |  |  |  | $0 - 20 fields for 18 months; ** $add-on - 60 fields for 10 years | $0 - Login/Logout lines for 1 day; ** $add-on - 28 log files for 30 days |
| Online Help Documentation |  |  |  |  |  |

* - View All Data will also enable access to everything but Login History
** - Talk with your account executive about the add-on price

Where do you go from here? There are great in-depth online documentation and best practices guides:
  1. Auditing documentation - high level overview
  2. Salesforce Security Implementation Guide - in depth best practices guide
  3. Salesforce Security Workbook - self-paced and interactive exercises
There are many more advanced features that help enable security professionals to audit user behavior and track activity.

Some additional solutions worth exploring in this area include:

Salesforce is a trusted cloud service. These solutions help you to trust but verify your users' behaviors.