Salesforce audit trail monitoring

Salesforce provides an option to audit all the activities using its Setup Audit Trail security configuration. When the audit trail is enabled, critical events such as changes made to security policies, user permissions, sharing permissions, Apex settings and permissions, and more are logged. However, tracking this data is only useful if you can interpret and analyze it properly to derive actionable insights to secure your enterprise.

Salesforce's Field Audit Trail allows you to specify retention periods for data and policies; you can also archive and store them for a maximum of 10 years in your infrastructure. However, the Field Audit Trail does not retain important information such as Created By and Last Modified By in its records, which is crucial when you need to conduct forensic investigations during an incident or a breach.

Auditing Salesforce Setup and Field Audit Trails using Log360

Because the Salesforce Setup Audit Trail contains a huge amount of log information, extreme caution has to be exercised when analyzing these logs manually; otherwise, you may miss malicious events that could result in a security incident.

Log360 helps you analyze these logs by generating intuitive and interactive reports that provide a clear view of all the activities taking place in your cloud platform. Using Log360, you can monitor:

  • User permission changes: who made the change, where, and when.
  • Search activity: what data was searched for, and by whom.
  • Report export activity: who exported which report, and when.

Log360 allows you to store and export audit records in CSV and PDF formats. It reports on user events, user management settings events, application events, and custom management events to help you spot deviant activities in your organization.

Log360's alerting capabilities

Using Log360, you can configure alerts for anomalous activities taking place in all your cloud platforms, including Salesforce. When an attack pattern is identified or a deviation is spotted in the activities taking place in your cloud platform, Log360 raises an alert and sends you a notification via SMS and email. Alert messages help you mitigate threats before they turn into successful attacks.