This post is designed as a high-level introduction to security monitoring to better understand some of the different options security professionals have to audit data and user actions within their organization.
In general, the topic of auditing user behaviors in Salesforce can be summed up in just a few key features:
Audit Fields
|
Login History
|
Setup Audit Trail
|
Field History Tracking
|
Event Monitoring (Event Log Files)
|
|
Purpose
|
Track who created or last modified a record by user and time
|
Track end-user logins and login attempts (e.g. failures)
|
Track administrative changes in setup like escalation of privileges or creation of new fields
|
Track state changes at the field level
|
Track a variety of server interactions including report exports, page views, and document downloads
|
Example
|
Adam Torman modified the Acme account earlier today
|
Adam Torman logged in using Chrome v 42.0 on Mac OSX
|
Permission set Modify All Data: assigned to user Adam Torman
|
Adam Torman changed the Case status from Open to Closed
|
Adam Torman clicked on Marc Benioff’s patient record and downloaded the customer list
|
Interface
|
UI and API
|
UI (CSV Download) and API
|
UI Only
(CSV download)
|
UI and API
|
API Only (CSV download)
|
[Profile or Sharing] Permissions Required
|
* Read / Query requires sharing access to parent record
|
Manage Users permission
|
* View Setup and Configuration permission
|
Configure requires Customize Application permission
* Read / Query requires sharing access to parent record
|
* View Event Log Files permission
|
Data Retention Policy
|
Life of the record
|
6 months FIFO
|
6 months FIFO
|
Up to 10 years
|
Up to 30 days
|
Pricing
|
$0
|
$0
|
$0
|
$0 - 20 fields for 18 months
** $add-on - 60 fields for 10 years
|
$0 - Login/Logout lines for 1 day
** $add-on - 28 log files for 30 days
|
Online Help Documentation
|
* - View All Data will also enable access to everything but Login History
** - Talk with your account executive about the add-on price
Where do you go from here? There are great in-depth online documentation and best practices guides:
- Auditing documentation - high level overview
- Salesforce Security Implementation Guide - in depth best practices guide
- Salesforce Security Workbook - self-paced and interactive exercises
Some additional solutions worth exploring in this area include:
- Session Management - track and revoke user access based on their session
- Chatter File Downloads - standard reporting resource for tracking interactions with chatter files like downloads and previews
- Identity Event Logs - custom report type for tracking OAuth (connected apps) logins
Salesforce is a trusted cloud service. These solutions help you to trust but verify your user's behaviors.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.