01 December 2016

Two New Keys To Unlock Your Salesforce Users Event Data



Two New Keys To Unlock Your Users Event Data
Have you been exploring the new release with Event Monitoring? If so, you might have seen the Event Monitoring event log lines that contain Login_Key and Session_Key columns. These are new fields that tie together all the different events in a Salesforce user’s or admin’s login session or activity session, respectively.

Introducing Login Key and Session Key


Purpose of the Login Key and Session Key fields are to help provide specific identifier for a user’s login session across various log lines to give customers a better 360 degree view of users behavior within the Salesforce application for a given security investigation, understanding and exploring specific user behavior or when researching a specific application or performance issue.

Let’s see them in action. Here's an example showing URI event logs - in other words, users’ click path in the Salesforce application across the various generated log lines. To easily see a more concise view of what each user is doing, you can now use LOGIN_KEY as an identifier across the different Events to tie them together as well separate different actions together with this powerful identifier. Please see from the picture below and example of the LOGIN_KEY field within URI event logs.

Login Key and Session Key Examples


So how can you best take use of this identifier? I’ve collected couple of examples here, please leave your thoughts and additional ideas to the comments below.

Your application can generate a ton of URI log lines. When researching for specific user’s log lines, you might easily run into issues of finding the needle in the haystack. You can use LOGIN_KEY as grouping mechanism to separate different user sessions and volume of activity.

Example 1: Splitting User Activity Forensics by Different User Sessions  


Looking at URI (i.e. page views) for example in this picture below, we’ve aggregated all URI Logs for user Jari Salomaa on September 23rd. We can see there’s 5 different LOGIN_KEY’s that separate the different sessions ranging from logins from Salesforce1 Mobile, Safari, Chrome browsers from which, there’s over 200 log entries for one specific Login session that we can click and expand and investigate more closely what specific pages those URI logs contain.

Screen Shot 2016-10-19 at 2.28.03 PM.png


Additionally for the security conscious customers, whether on Sales Cloud or Service Cloud or other Salesforce products, understanding data export activity is always important. Who is downloading customer data to their local computers and especially if that happens in very large volume.

As an example building real time alerts and policies is important when there are large volume data export activity taking place from different hours of the day outside the typical business hours. This is often the case with compromised credentials and different hacker groups placed in different countries like Russia, China and Eastern Europe targeting valuable data. If you don’t have business users logging in and exporting data in these regions you can use LOGIN_KEY and SESSION_KEY to better understand past behavior against different timezones your business operates.

Example 2: Monitoring the number of report exports with SESSION_KEY Salesforce Customers can obtain better visibility to their application’s report export behavior by grouping the ReportExport log line dataset grouped by the hour of the day


How to identify non business hours data export activity and build alerts

  1. Use Event Monitoring Wave App or any of your preferred data visualization tools or Event Log File Browser if you have small volume of logs) to download ReportExport Log Lines
  2. Group your ReportExport log lines by SESSION_KEY
  3. Sort the logs by hour of the day
  4. Identify non business hour ReportExport events based on your business hours
  5. Build APEX policy with Transaction Security to alert on a specific threshold e.g. for Account, Opportunity, Lead, Case, Contact etc entity download object by specific timeframe

Screen Shot 2016-12-01 at 3.15.59 PM.png

Example 3: Using LOGIN_KEY and SESSION_KEY as identifier across various support 25 log lines


  • Use it as ID to construct a complete view for forensic investigation to user activity, for example to understand what the user did, which pages the user visited given a specific login session and pull all of that information together in it's own table
  • Separate different user sessions within a specific login session within user's credentials, for example when user may have been logged in from API clients, user interface and other places and when it’s hard to understand which session contains unwanted or suspicious behavior
  • Parse together otherwise complicated session keys to more holistic view

Event Logs That Support Login and Session Key


1. Apex Callout - details about callouts (external requests) during Apex code execution
2. Apex Execution - details about Apex classes that are used
3. Apex SOAP - details about Web Services API calls
4. Apex Trigger - contains details about triggers that fire in an organization
5. API - contain details about your organization’s Force.com Web Services API activity
6. Asynchronous Report Run - created for scheduled report requests that includes dashboard refreshes, asynchronous reports, scheduled reports and analytics snapshots
7. Bulk API - contains details about Bulk API requests
8. Change Set Operation - contains information from change set migrations
9. Console - contains information about the performance and use of Salesforce console whenever opened with a sidebar component
10. Dashboard - contains details about dashboards that users view
11. Login - your organization’s user login history
12. Metadata API Operation - contains details of Metadata API retrieval and deployment requests
13. Multiblock Report - contains details about Joined Report reports
14. Package Install - contains details about package installation in the organization
15. Queued Execution - details about queued executions, for example Batch Apex
16. Report - contains information about what happened when user ran a report
17. Report Export - contains details about reports that a user exported
18. REST API - contains details about REST specific requests
19. Sites - contains details of site.com browser UI or API requests
20. Transaction Security - contains details about policy execution
21. URI - contains details about user interaction with the web browser based UI
22. Visualforce Request - contains details of browser UI or API based Visualforce requests
23. Wave Change - represents route or page changes made in the Salesforce Wave Analytics user interface
24. Wave Interaction - tracks user interactions with the Wave Analytics user interface
25. Wave Performance - help you track trends in your Wave Analytics performance

For more details about supported events, see the SOAP API Guide for additional updates and details, which is updated each release. Thanks for Melissa Kulm, Mike Jacobsen and Lakshmisha Bhat for their invaluable feedback and comments on this blog.

Please feel free to leave feedback below!



17 comments:

  1. Use it as ID to construct a complete view for forensic investigation to user activity, for example to understand what the user did, which pages the user visited given a specific login session and pull all of that information together in it's own table Marketing Cloud Email Specialist Exams

    ReplyDelete
  2. Be that as it may, the shopping pattern is turned around now. Instead of purchasers, items get drive to their doorsteps today. data science course in pune

    ReplyDelete
  3. Well, the most on top staying topic is Data Science. Data science is one of the most promising technique in the growing world. I would like to add Data science training to the preference list. Out of all, Data science course in Mumbai is making a huge difference all across the country. Thank you so much for showing your work and thank you so much for this wonderful article.
    Data science course in Mumbai

    ReplyDelete
  4. Attend The Data Science Courses in Bangalore From ExcelR. Practical Data Science Courses in Bangalore Sessions With Assured Placement Support From Experienced Faculty. ExcelR Offers The Data Science Courses in Bangalore.
    ExcelR Data Science Course Bangalore

    ReplyDelete
  5. Such a very useful article. I have learn some new information.thanks for sharing.
    data scientist course in mumbai

    ReplyDelete
  6. Nice blog Thank you very much for the information you shared.
    data science

    ReplyDelete
  7. I have bookmarked your website because this site contains valuable information in it. I am really happy with articles quality and presentation. Thanks a lot for keeping great stuff. I am very much thankful for this site.
    Excelr- business analytics courses

    ReplyDelete
  8. Well, the most on top staying topic is Data Analytics. Data Analytics is one of the most promising technique in the growing world. I would like to add Data Analytics training to the preference list. Out of all, Data Analytics course in Mumbai is making a huge difference all across the country. Thank you so much for showing your work and thank you so much for this wonderful article.
    Data Analytics Course in Mumbai

    ReplyDelete
  9. Such a very useful Blog. Very interesting to read this article. I have learn some new information.thanks for sharing. know more about

    ReplyDelete
  10. Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I’ll be subscribing to your feed and I hope you post again soon.
    ExcelR data analytics

    ReplyDelete
  11. Really nice and interesting post. I was looking for this kind of information and enjoyed reading this one. Keep posting. Thanks for sharing.
    ExcelR Business Analytics Course

    ReplyDelete
  12. Awesome..I read this post so nice and very imformative information...thanks for sharing
    Click here for data science course

    ReplyDelete
  13. Great post i must say and thanks for the information. Education is definitely a sticky subject. However, is still among the leading topics of our time. I appreciate your post and look forward to more. excelr data science

    ReplyDelete
  14. I am really enjoying reading your well written articles. It looks like you spend a lot of effort and time on your blog. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work.
    ExcelR data science course in mumbai

    ReplyDelete
  15. Utilizing prescient examination, associations can find and endeavor patterns present inside information to distinguish openings and dangers. Data Analytics Course

    ReplyDelete