12 May 2015

Security Monitoring 101

Normally, when I get on the phone with a customer, they’re familiar with the audit capabilities within Salesforce and we just discuss the Event Monitoring add-on. However, while on the phone the other day with an IT security professional, I realized that we needed to take a step back and review the different options around auditing and monitoring user activity before we could dig into the add-on value of Event Monitoring.

This post is designed as a high-level introduction to security monitoring to better understand some of the different options security professionals have to audit data and user actions within their organization.

In general, the topic of auditing user behaviors in Salesforce can be summed up in just a few key features:

Audit Fields
Login History
Setup Audit Trail
Field History Tracking
Event Monitoring (Event Log Files)
Track who created or last modified a record by user and time
Track end-user logins and login attempts (e.g. failures)
Track administrative changes in setup like escalation of privileges or creation of new fields
Track state changes at the field level
Track a variety of server interactions including report exports, page views, and document downloads
Adam Torman modified the Acme account earlier today
Adam Torman logged in using Chrome v 42.0 on Mac OSX
Permission set Modify All Data: assigned to user Adam Torman
Adam Torman changed the Case status from Open to Closed
Adam Torman clicked on Marc Benioff’s patient record and downloaded the customer list
UI and API
UI (CSV Download) and API
UI Only
(CSV download)
UI and API
API Only (CSV download)
[Profile or Sharing] Permissions Required
* Read / Query requires sharing access to parent record
Manage Users permission
* View Setup and Configuration permission
Configure requires Customize Application permission

* Read / Query requires sharing access to parent record
* View Event Log Files permission
Data Retention Policy
Life of the record
6 months FIFO
6 months FIFO
Up to 10 years
Up to 30 days
$0 - 20 fields for 18 months

** $add-on - 60 fields for 10 years
$0 - Login/Logout lines for 1 day

** $add-on - 28 log files for 30 days
Online Help Documentation

* - View All Data will also enable access to everything but Login History
** - Talk with your account executive about the add-on price

Where do you go from here? There are great in-depth online documentation and best practices guides:
  1. Auditing documentation - high level overview
  2. Salesforce Security Implementation Guide - in depth best practices guide
  3. Salesforce Security Workbook - self-paced and interactive exercises
There are many more advanced features that help enable security professionals to audit user behavior and track activity.

Some additional solutions worth exploring in this area include:

Salesforce is a trusted cloud service. These solutions help you to trust but verify your user's behaviors.


  1. I prefer http://www.softinventive.com/total-network-monitor/. It combines most of these functions and it's comfortable, because it's one package, you don't need to install a lot of tools for security monitoring.

  2. This comment has been removed by a blog administrator.

  3. This comment has been removed by a blog administrator.

  4. This knowledge.Excellently written article, if only all bloggers offered the same level of content as you, the internet would be a much better place. Please keep it up. security guards

  5. A debt of gratitude is in order for giving late reports with respect to the worry, I anticipate read more. security company

  6. It’s really such nice home security systems information to get advantage from.

  7. I like viewing web sites which comprehend the price of delivering the excellent useful resource free of charge. I truly adored reading your posting. Thank you! mobile security patrols birmingham

  8. Very detailed comparison. The first 3 options looks better .

  9. I was surfing the Internet for information and came across your blog. I am impressed by the information you have on this blog. It shows how well you understand this subject. Looking for a hacker near me

  10. That is really nice to hear. thank you for the update and good luck. cctv camera

  11. It is way too soon to know how security Robots will affect 24response overall physical security strategies and practices as the technology is still emerging.

  12. This is really amazing. Great information about blog. your blog is very good. we also provide to Soc Solutions Services. if you want use our services you can visit on our website.

  13. Loved your blog page!!!The stuff that you have remarked up here is superbly wonderful and I vigorously thank you for the same...
    look at this web-site

  14. I appreciate everything you have added to my knowledge base.Admiring the time and effort you put into your blog and detailed information you offer.Thanks. CCSK

  15. There is no tangible reconnaissance information for the earlier start, but a successful surveillance assignment is dependent on more than tangible components.
    look here

  16. The most important equipment a private investigator has available during the course of conducting surveillance is his mind and its esoteric components.
    look here