Admin Detectives

Tech Lead, ET Marlabs

Salesforce.com provides many ways to keep your data secure, with security settings such as Org Wide Defaults, Profiles, Field Level Security, etc. These methods fall into Prevention and Tracking: Prevention keeps data from being exposed to unwanted users or sources, and Tracking finds the culprit.

Apart from the conventional Audit Trail and Login Hours/IP Ranges tracking, Salesforce.com provides many other kinds of “event” tracking. Event Monitoring in Salesforce provides 29 types of events such as Login, Logout, UI Tracking (SF1), API Calls, Report Exports, etc. Ever wondered if you could find the culprit who exported a report? With Event Monitoring you can!

All Event Monitoring log files are available in Enterprise, Unlimited and Performance Editions at an additional cost, while the login and logout log files are available for free. The good news is that the Developer Edition has free access to all 29 log files. Note that in DE a log file is available only after 24 hours and is stored for only 24 hours. This is an API-only feature for now; it’s not available in the Setup area. That means that to view the various “events” you need to access EventLogFile through Workbench or a similar tool.

Using Workbench you can query the number of EventLogFile records. You can also explore the attributes and fields of this object to understand it a little deeper. All of this is simple and straightforward. Viewing the event records themselves in Workbench is more challenging, though, especially because of the format of the output provided by REST Explorer or SOAP (SOQL Query Editor).

There are many ways to view these files in a more ‘readable’ format like .csv. The easiest of them all is the event log file browser application, which downloads the log into a .csv file. If there are too many event log records, going through each of them in Excel/CSV is cumbersome. Some of the tools that will help in reading and understanding the data:

Salesforce Analytics Cloud

Splunk App

CloudLock and CloudLock Viewer

ezCloudAudit
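
A short script can also do the first pass over a downloaded ReportExport log instead of reading it row by row in a spreadsheet. This is an added example, not code from the original post; the column names follow Salesforce's ReportExport log format, while the sample rows, the thresholds and the function names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample of a downloaded ReportExport log (not real data); a real
# file carries more columns, and only the ones read below are shown here.
SAMPLE_LOG = """\
"EVENT_TYPE","TIMESTAMP","USER_ID","CLIENT_IP","URI","REPORT_DESCRIPTION"
"ReportExport","20150301101500.120","005000000000001","203.0.113.10","/00O000000000001","Open Opportunities"
"ReportExport","20150301101730.455","005000000000001","203.0.113.10","/00O000000000002","All Contacts"
"ReportExport","20150301230210.010","005000000000001","198.51.100.7","/00O000000000003","All Accounts"
"ReportExport","20150301140000.000","005000000000002","203.0.113.22","/00O000000000001","Open Opportunities"
"""


def summarize_exports(log_text):
    """Group ReportExport rows by user: count, source IPs, reports, time range."""
    users = defaultdict(lambda: {"count": 0, "ips": set(), "reports": [],
                                 "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(log_text)):
        if row.get("EVENT_TYPE") != "ReportExport":
            continue  # a merged CSV may contain other event types
        # TIMESTAMP is yyyyMMddHHmmss.SSS in GMT; the milliseconds are dropped.
        when = datetime.strptime(row["TIMESTAMP"].split(".")[0], "%Y%m%d%H%M%S")
        u = users[row["USER_ID"]]
        u["count"] += 1
        u["ips"].add(row["CLIENT_IP"])
        u["reports"].append(row["REPORT_DESCRIPTION"] or row["URI"])
        u["first"] = when if u["first"] is None else min(u["first"], when)
        u["last"] = when if u["last"] is None else max(u["last"], when)
    return dict(users)


def flag_users(summary, max_exports=2, max_ips=1):
    """Return sorted user IDs that exceed either review threshold (assumed values)."""
    return sorted(uid for uid, u in summary.items()
                  if u["count"] > max_exports or len(u["ips"]) > max_ips)


if __name__ == "__main__":
    summary = summarize_exports(SAMPLE_LOG)
    for uid in flag_users(summary):
        u = summary[uid]
        print(uid, u["count"], sorted(u["ips"]), u["first"], u["last"], u["reports"])
```

The USER_ID values it reports can then be matched to User records to put a name to each export.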

If some loopholes in securing your data remain even after strong prevention, you can trace them easily with these techniques. In my next blog I will share my experience working with the 29 event log files.

 