Salesforce user activity monitoring

Why monitor user activity

User activity monitoring in cloud-based applications is an important part of the security and risk management process. It helps identify misuse of privileges and insider threats, and protects sensitive data hosted on the cloud.

In cloud applications such as Salesforce, large amounts of customer relationship management (CRM) data is stored and accessed by multiple users on a regular basis. An unintentional misconfiguration or misuse of privileges can lead to data leaks and subsequently cause compliance violations as well. Real-time user activity monitoring ensures data security is maintained, and compliance standards are met.

User activity monitoring on Salesforce with Log360

Salesforce provides limited user tracking abilities including field tracking and Setup Audit Trail. Any modifications made to fields are tracked by the "Last Modified" tag in the records.

Setup Audit Trail helps you track configuration changes by administrators, however, no provision is available to track other user actions such as logins, logoffs, report activity, etc. Though these events are recorded in log files, sifting through them to identify malicious activity or correlate unusual activity patterns can often be time consuming and ineffective.

Log360 simplifies user activity monitoring by collecting and analyzing Salesforce log files. It audits and reports on multiple user actions including logins, content sharing, downloads, report building, and much more. With a powerful correlation engine, Log360 alerts you about any unusual patterns of user activity in Salesforce.

Detecting a brute-force attack attempt in Salesforce

One of the easiest and most common methods of attempting to gain unauthorized access to an application is through brute-force. The attacker tries entering a number of passwords until they guess correctly and gain access.

With Log360, you can easily configure a threshold-based alert to detect brute-force attacks. Administrators can then investigate further with the use of reports. Multiple failed logins within a short time interval to a single or multiple accounts is likely the result of a brute-force attack.

With Log360 you can:

• Monitor who logged in from where and when.
• Detect logins during odd hours.
• Detect suspicious content transfers.
• Track report export activity on sensitive data.

And much more.

Log360 Salesforce user activity monitoring offers:

• Login activity monitoring: Get insights on user logins, failed user logins, and more
• Content activity monitoring: Keep track of content that's been transferred, distributed, and downloaded
• Report activity monitoring: Get insights on users' report activities including report exports and multi-block actions.