
Official: Shield and Security Center

This group is the official discussion forum for customers and partners who are using Salesforce Shield, including Platform Encryption, Event Monitoring, Field Audit Trail, and Data Detect; and Salesforce Security Center. It's a forum for customers to provide feedback, requirements and share ideas. Customers may also leverage this group to collaborate with each other on best practices. This group is maintained and moderated by a salesforce.com employee(s). The content received in this group falls under the official Safe Harbor. Please also see our official Salesforce Customer Community Terms of Use.

 1. Do I have to export the key from production and store in my system?  

2. Do I have to rotate the key for each Salesforce release (any reference on how to do it)?

3. Is the key different for production and sandbox?  

#Salesforce Developer #Data Management #Salesforce Admin #Security

1 answer
  1. Feb 18, 12:11 AM

    1. This is highly recommended. If someone were to maliciously or accidentally destroy a tenant secret, your exported key can be reimported. https://help.salesforce.com/s/articleView?id=xcloud.security_pe_import_export_keys.htm&type=5

     

    2. This is not required. You should rotate keys based on your organization's security policy.

    https://help.salesforce.com/s/articleView?id=xcloud.security_pe_rotate_keys.htm&type=5

     

    3. Not by default. It is a best practice to do a key rotation upon sandbox refresh or creation.

    https://help.salesforce.com/s/articleView?id=xcloud.security_pe_sandboxes.htm&type=5


Hi Guys,

I have a client who has purchased Salesforce Shield. I am trying to check in the Salesforce org whether the client purchased field history tracking or event monitoring. Is there an easy way to check this on the org? I could not see any licenses or permission sets for it.

Buyan

4 answers
  1. Manoj Nambirajan (Dell Technologies) Forum Ambassador
    Jan 13, 11:22 AM

    @Buyan thyagarajand to my understanding, the Salesforce Shield license as such will cover Event Monitoring and Field Audit Trail by default, unless the client bought specific features individually.

     

    But to check if these are enabled, the steps below can be taken:

     

    1. Field Audit Trail -> When enabled, a few related profile permissions that come through are Delete From Field History and Delete From Field History Archive. Help check if those are available.

    2. Event Monitoring -> Access Event Monitoring Analytics Templates and Apps is one of the profile permissions that can be seen if Event Monitoring is purchased. And via the API, you can also check if the Event Log File object is available.


I have enabled Event Monitoring in my Developer Edition org. I have tried generating reports on Accounts in a random anomaly pattern. The ReportEvent object seems to be storing the records in real time based on each report run, which is expected behaviour. However, the ReportAnomalyEventStore records do not seem to be getting inserted, even though I have tried replicating anomalous behaviour by running the report to export a very large record set. Please guide me on how to generate an anomaly in this org so that I can test the functionality.

8 answers
  1. Jan 13, 2:26 PM

    Threat events require 90 days of activity to establish a baseline of "normal" activity. After that, anomalous activity should be detected. Try running reports from the same machine, at the same time of day every week for X number of weeks. After that, switch to a different OS platform, different browser, and run the report on a weekend. I would expect an event to appear.


Hi Everyone,

 

I am trying to download the event log files with up to 1 year of data from Event Log File Browser, but it's showing data for only 1 month. I have enabled Retain event log files in Event Monitoring Settings and updated the eventLogRetentionDuration field in the EventSettings XML.

 

Please let me know if I am missing any steps here.

 

Thanks

 

#Salesforce Developer

8 answers
  1. Jun 26, 2024, 12:28 PM

    Hi Ajit,

    Firstly you need to make sure you have turned on the ability to store up to 365 days in the UI of Event Monitoring Settings. Unless you want to have less than 365 days, there is no need to modify the metadata XML for the retention period.

    The thing is, Salesforce do not do retrospective logs. What will happen is that the logs you have won't be deleted after 30 days anymore, they will be deleted after 365 days. So your current 30 days will just grow to 365 days and then they'll start to be deleted.


Hello

My customer is using both Event Monitoring and Tableau. We have Tableau resources in the team.

We are aware of the included CRM Analytics licences but we do not have CRM Analytics knowledge in the team.

We would like to know if Event Monitoring data can be integrated in Tableau in order to be analysed.

Is the integration possible via API (bulk?) or a connector?

 

Regards

Jérôme

3 answers

Hi Team,

 

Can you please let me know if it is possible to capture all the events that a user does in Salesforce with Salesforce Shield?

What exactly we are looking for is to capture all the user activity, including the records that the user has accessed and viewed in Salesforce. Can this be achieved with a Shield implementation?

 

Can you please provide your advice on this.

 

Thanks and Regards

Appa

1 answer

Is there a Salesforce Security Transaction Policy template out there that can be used as a starting point? For example, "20 Security Transaction Policies that all companies should consider". I understand that they may be different for every company, but there must be some standard policies that should be implemented as best practice. Here are a few examples:

 

  • 500 Long Running Transactions in the last hour
  • Bulk API Batch Limit Exceeded (>=15k in the last 24hrs)
  • 100 Row Lock Errors in the last hour
  • Login Rate Exceeded Exception (a single user attempting to log in at least 3,600 times in an hour)
  • Login Attempt from an Inactive User
  • 10 Null Pointer Exceptions in the last hour
  • A User had >=2.5k Transactions in the last hour
8 answers
  1. Oct 25, 2022, 2:28 PM

    All of the examples suggested wouldn't really be suited for a Transaction Security Policy, but would be more appropriate for a SIEM-type tool that can analyze Salesforce events/logs, like Splunk, Elastic, FairWarning, etc.

     

    TSP is more appropriate for an immediate action that needs to happen right now based on the action one user is currently performing.  Salesforce does provide some example TSP policies, under each type on the Type of Enhanced Transaction Security Policies page.  For example, notifying when a user runs an API query that returns many rows, or blocking a user that is trying to download a report that contains too many rows or perhaps a particular column.  
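
The hourly per-user threshold rules listed in the question are the kind of check this answer assigns to log analysis rather than to a Transaction Security Policy. As an added example (not part of the original thread), here is a sliding one-hour count per user over rows shaped like an EventLogFile CSV export; the sample rows, user IDs and the threshold of 5 are constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"

def build_sample_csv():
    """Constructed sample rows; user IDs and event mix are made up."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    rows = [("Login", start, "USER_BURST")]
    # USER_BURST: six API events two minutes apart (all inside one hour).
    rows += [("API", start + timedelta(minutes=2 * i), "USER_BURST") for i in range(6)]
    # USER_STEADY: six API events 30 minutes apart (at most two per hour).
    rows += [("API", start + timedelta(minutes=30 * i), "USER_STEADY") for i in range(6)]
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["EVENT_TYPE", "TIMESTAMP_DERIVED", "USER_ID"])
    for event_type, ts, user in rows:
        writer.writerow([event_type, ts.strftime("%Y-%m-%dT%H:%M:%S.000Z"), user])
    return out.getvalue()

def users_over_threshold(csv_text, threshold, event_type=None, window=timedelta(hours=1)):
    """Return {user: (peak events in any window, time the threshold was first met)}."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if event_type and row["EVENT_TYPE"] != event_type:
            continue
        events.append((datetime.strptime(row["TIMESTAMP_DERIVED"], TS_FORMAT), row["USER_ID"]))
    events.sort()  # log files are not guaranteed to arrive in time order
    recent = defaultdict(deque)  # per-user timestamps still inside the window
    peak = defaultdict(int)
    first_crossed = {}
    for ts, user in events:
        q = recent[user]
        q.append(ts)
        while ts - q[0] >= window:  # drop events that fell out of the window
            q.popleft()
        peak[user] = max(peak[user], len(q))
        if len(q) >= threshold and user not in first_crossed:
            first_crossed[user] = ts
    return {user: (peak[user], ts) for user, ts in first_crossed.items()}

if __name__ == "__main__":
    for user, (count, ts) in users_over_threshold(build_sample_csv(), 5, "API").items():
        print(f"{user}: peak {count} API events/hour, threshold first met at {ts}")
```

Because the count is computed after the fact from exported logs, a rule like this alerts on a pattern across many events, whereas a Transaction Security Policy acts on the single action in progress.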


I am pushing for my company to purchase the Event Monitoring add-on.

My company wants me to explore alternatives.

Splunk and Dynatrace are Enterprise tools and I am guessing are "too much tool" for our use case.

Are there any other apps in the app store that you could recommend?

5 answers
  1. Feb 15, 2022, 4:46 PM

    Datadog is fantastic and great for the rest of your DevOps/SRE/Engineering teams. If Datadog or another APM is too much, you may consider Sumologic although the cost may break even.


🔒 How a New Certification Helps You Keep Your Business Secure and Compliant 🔒

 

⚖️  Protecting sensitive data can be a challenge. Security Center’s latest FedRAMP High IL4/IL5 certification makes it a compliant solution for government agencies and organizations. Learn how we are committed to keeping sensitive information in the cloud safe.

 

📖 Read the latest blog post

 

#Security #SalesforceSecurity
