![]() |
Sample Visualforce Page using Google Charting API |
Starting with the Summer '15 release, we're introducing key data leakage detection information through a pilot program. The goal of the pilot is to enable customers to query specific data leakage use cases in near real-time for analysis purposes.
The initial pilot of the Data Leakage Detection pilot tracks SOQL queries in near real-time from the SOAP, REST, and Bulk APIs. Because greater than half of all data accessed on the platform is performed via these APIs, organizations can gain greater insights into:
- Who saw what data
- When they saw that data
- Where they accessed the data
- What fields they accessed
- How long a query took
- How many records they accessed
When combined with the Login Forensics pilot, you can also track every query back to a unique login to identify anomalies in user behavior.
Each event consists of key information about the API transaction including:
- AdditionalInfo
- ApiType
- ApiVersion
- Client
- ElapsedTime
- EventTime
- Id
- LoginHistoryId
- ObjectType
- Operation
- RowsProcessed
- Soql
- SourceIp
- UserAgent
- UserId
- Username
This means you can find out who (e.g. Username), saw what (e.g. Soql) including sensitive PII (Personally Identifiable Information) fields, how much (e.g. RowsProcessed), how long (e.g. ElapsedTime), when (e.g. EventTime), how (e.g. UserAgent), and from where (e.g. SourceIp). Plus, you can correlate all of this information back to the original Login (e.g. LoginHistoryId) to profile user behavior and disambiguate between legitimate and questionable activity beyond the login.
Once the pilot is enabled in your organization, you can visualize a set of events using the sample Visualforce page with Google Charting API from my Github repository.
To learn more specifics about the Data Leakage Detection Pilot functionality, read the pilot tip sheet and to participate in the pilot, please contact your account executive or customer support rep.
Hi Adam,
ReplyDeleteI tried to deploy the file from github. But it is showing an error that the sObject ApiEvent is not supported. Am I missing something?
Thanks!
saran
Hi Saran, thanks for reading the blog. Apievents is only available as a pilot program. A support rep or your AE should be able to help you get enrolled in the program. Thanks!
DeleteThis comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteHi Adam,
ReplyDeleteThis feature 'Data Leakage Detection' , has it been taken off or still in pilot?
It's still in pilot
Deletenice
ReplyDeleteHi Adam, do you know if this feature is part of the Shield Event monitoring product. I would assume so?
ReplyDeleteGreat Article
ReplyDeleteCyber Security Projects
projects for cse
Networking Security Projects
JavaScript Training in Chennai
JavaScript Training in Chennai
The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training