Salesforce API monitoring

Salesforce application programming interface (API) calls represent specific operations that your client applications request during runtime to perform tasks. For instance:

• Query data in your organization.
• Add, modify, and delete data.
• Obtain metadata about your data.
• Run utilities to perform administration tasks.

Monitoring API call logs is essential to keep tabs on user activities happening in your Salesforce environment.

Types of API calls

There are several APIs in Salesforce, but some of the important ones are:

• REST API
• Bulk API
• Streaming API
• SOAP API

These APIs' logs are generated each time a user accesses the Salesforce database. Monitoring these logs provides insights on what data is being accessed, when, and by whom.

Salesforce monitoring in Log360

Log360, a comprehensive SIEM solution, analyzes all the log data generated by API calls and provides in-depth insights into Salesforce activity. The solution helps you:

1. Monitor user activities: It allows you to keep track of user activities such as failed and successful logins, recent searches by users, recent search clicks by users, and more. With this information, you get a complete picture of a user's behavior in your Salesforce cloud platform.
2. Track report activities: Log360 provides information on the recent report activities and multi-block report activities in the form of intuitive graphical reports and dashboards that help you spot anomalies as well as dig deeper into incidents.
3. Keep tabs on content changes: Log360 helps you monitor the content changes in your Salesforce environment. It provides actionable insights by presenting critical information such as the recent content distribution activity, transfer activities, and the recent attachment documents that have been downloaded. This crucial information helps you detect security threats instantly to prevent data leaks from happening.

A typical security use case that Log360 can solve

Assume that an employee tries to access critical account reports after working hours. They export multiple reports than usual and log out. How can we monitor their activities?

Log360 reports and alerts on both login activity and export activity of users. By configuring alerts for unusual logins and exports, you can keep an eye out for potential data exfiltration in your Salesforce environment.

When the admin receives the notification, they can take a look at the reports, and conduct an in-depth investigation into the incident by performing a quick forensic analysis. Admins can take further actions if the logs confirm suspicious activities.