Salesforce Event Monitoring: a way to monitor Organization Trends and User Behaviors


Hello everybody, in this article we want to answer a simple question: how can we understand Organization Trends and User Behavior in Salesforce? Let’s discover together a possible answer: Salesforce Event Monitoring.

What is Event Monitoring?

Event monitoring is one of the tools that Salesforce provides to help keep your data secure. It lets you see the granular details of user activities in your organization. These activities are usually referred to as events. You can view information about individual events or track trends in events to swiftly identify abnormal behaviors and safeguard your company’s data.

Event Monitoring tracks more than 30 different kinds of events and stores them in event log files. An event log file is generated when an event occurs in your organization and it can be viewed and downloaded after 24 hours.

Some use cases where the power of Event Monitoring is unleashed are:

  1. Discover data loss: catch bad user behavior by monitoring which reports are downloaded and which Visualforce pages the user loads. Think about a user who leaves the company and extracts all the accounts and leads of your organization, or a user who accesses a hidden page because of a sharing rule bug!
  2. Increase adoption: examine which page is used most and which one is not used at all. You can identify how your Salesforce org can evolve
  3. Optimize performance: track performance and network issues for all the features available in your Salesforce org. This also enables geolocation analysis and comparison between offices in different geographical areas

Event Monitoring is not free and effortless

First of all, only a subset of Event Monitoring functionality is free: login and logout log lines with a retention of only 1 day. To get access to the full event monitoring capabilities you need to:

  1. Have an Enterprise, Unlimited or Performance Edition org
  2. Pay the add-on price to enable the full set of Event Monitoring Event Types with 30-day data retention

Tracking events is also an intricate task, because there are some matters to be careful about:

  1. You must use the API, because no standard functionality is provided: to access the event logs you can use the Salesforce Workbench or write your own custom Apex batch
  2. You have to do the analysis and reporting yourself, or use one of the ISV products built on top of Event Monitoring
  3. You have to store the data in a custom object if you want an event history with longer data retention (for example, 6 months of history)

Well, it’s time to get our hands dirty! Let’s go to a practical example where Event Monitoring can help to analyze platform accesses and handle potential security issues.

Tracking Login and Logout

As an application example we chose the “Tracking Login and Logout” task. Many organizations need to track user sessions for security reasons, and Event Monitoring can help to satisfy this kind of requirement.

In order to accomplish this task we can create an Apex Batch that performs the following operations:

  1. Query the EventLogFile object, retrieving the records with a specific log date (for example, the day before the batch is launched)
  2. Parse the EventLogFile records returned and extract only the information required
  3. Write the extracted information into a custom object to enable data history
  4. Schedule the batch to run daily

Below you can find a code example for the operations described. For step 4, simply write an Apex Scheduler.

Even once we have extracted all the logins and logouts in our org, there are some useful improvements for security and reporting, such as:

  1. Write an algorithm that matches the logins and the logouts extracted, to track the full user session
  2. Improve the security policies regarding user sessions and user data encryption. For this kind of task there is a specific product called Salesforce Shield, which enhances Event Monitoring, Platform Encryption and Field Audit Trail
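
One way to implement the login/logout matching from the first improvement above, as an added example that is not code from the original article. It is written in Python for offline analysis of downloaded log files rather than as an Apex batch, the sample rows are constructed, and the column names (TIMESTAMP_DERIVED, USER_ID, LOGIN_KEY, SOURCE_IP) are assumed to follow the Login and Logout event log CSV layout.

```python
import csv
import io
from datetime import datetime

# Constructed sample rows; column names are assumed from the Login and Logout
# EventLogFile event types (LOGIN_KEY ties one session's events together).
LOGIN_CSV = '''"EVENT_TYPE","TIMESTAMP_DERIVED","USER_ID","LOGIN_KEY","SOURCE_IP"
"Login","2024-05-01T08:00:00.000Z","005000000000001","keyA","203.0.113.10"
"Login","2024-05-01T09:15:00.000Z","005000000000002","keyB","198.51.100.7"
"Login","2024-05-01T10:00:00.000Z","005000000000001","keyC","203.0.113.10"
'''
LOGOUT_CSV = '''"EVENT_TYPE","TIMESTAMP_DERIVED","USER_ID","LOGIN_KEY"
"Logout","2024-05-01T08:45:30.000Z","005000000000001","keyA"
"Logout","2024-05-01T18:30:00.000Z","005000000000001","keyC"
"Logout","2024-05-01T11:00:00.000Z","005000000000003","keyZ"
'''

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def match_sessions(login_csv, logout_csv):
    """Pair each login with the logout sharing its LOGIN_KEY; sessions with
    no logout keep logout=None. Returns (sessions, orphan_logouts)."""
    sessions = {}
    for row in _rows(login_csv):
        # Keep the first login seen for a key; repeated keys are ignored.
        sessions.setdefault(row["LOGIN_KEY"], {
            "user_id": row["USER_ID"], "source_ip": row["SOURCE_IP"],
            "login": _ts(row["TIMESTAMP_DERIVED"]),
            "logout": None, "seconds": None})
    orphans = []
    for row in _rows(logout_csv):
        s = sessions.get(row["LOGIN_KEY"])
        end = _ts(row["TIMESTAMP_DERIVED"])
        # Reject logouts with no login, a different user, or an earlier time.
        if s is None or s["user_id"] != row["USER_ID"] or end < s["login"]:
            orphans.append(row)
            continue
        s["logout"] = end
        s["seconds"] = (end - s["login"]).total_seconds()
    return sessions, orphans

def open_sessions(sessions):
    """LOGIN_KEYs with no matching logout (expired session or log gap)."""
    return sorted(k for k, s in sessions.items() if s["logout"] is None)
```

Sessions returned by `open_sessions` and the orphan logouts are the rows worth reviewing, since with a daily batch a login and its logout can fall into different days' log files.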

Conclusion

In this article we described the features offered by Event Monitoring and how they can be applied to a practical example: tracking logins and logouts. In conclusion we can say that Salesforce offers a set of raw functionalities concerning Event Monitoring. Furthermore, Salesforce is trying to simplify the overall Event Tracking and Reporting with initiatives like the Event Monitoring Wave App: an integration between Event Monitoring and Setup Audit Trail.
