Improve your DevSecOps with Salesforce Shield Event Monitoring

Improve your DevSecOps with Salesforce Shield Event Monitoring

Rob Cowell on

Share with



Salesforce Shield is a powerful feature that provides insights into your Salesforce organization’s activity, helping you enhance security, compliance, and performance. It contains many components, such as Shield Platform Encryption, Security Center, enhanced field tracking and sensitive data management.

In this blog post, we’ll explore the capabilities of Salesforce Shield Event Monitoring, its components, differences between standard and real-time monitoring, and how it can be a game-changer for your DevSecOps strategy.

What are the main use cases for Event Monitoring?

Event Monitoring can fulfill a number of very important tasks as you build out a robust DevSecOps process for Salesforce.

  • Security monitoring: Detect and respond to unauthorized access attempts, unusual data exports, and other suspicious activities.
  • Compliance requirements: Ensure your organization meets regulatory compliance requirements by monitoring and reporting on data access and changes, which can be used for auditing purposes.
  • Performance monitoring: Identify and address performance bottlenecks by analyzing login times, API usage, and other performance-related events.
  • User behavior analysis: Understand how users interact with Salesforce to optimize workflows, improve user experience and gauge user adoption.

Consider a scenario where you want to monitor Salesforce data export activities. By analyzing event log files, you can identify users who export large volumes of data frequently. Using the Event Monitoring Analytics app, you can create Salesforce Shield dashboards to track these exports over time and set up alerts to notify security teams of potential data exfiltration attempts.

What comes with Salesforce Shield Event Monitoring?

Salesforce Shield Event Monitoring gives you access to detailed logs of user activity and API calls, which are stored as event log files. These logs provide visibility into what’s happening in your Salesforce environment, allowing you to monitor and analyze various types of events, such as logins, data exports, and changes to records. This feature supports more than 50 event types, ensuring comprehensive coverage of your organization’s activities. You’ll also benefit from a significantly extended data retention period for your logs — up to 10 years.

Event Monitoring features at a glance

FeatureDescription
Event Log FilesCapture events, not just errors, as they happen.
Real-Time Event MonitoringZero-in on specific events and track them in real time for focussed monitoring.
Event Monitoring Analytics AppUse the power of analytics tools to create impactful reports and dashboards around your event data.
Transaction SecurityCreate custom security policies around key operations and data.

Event Log Files

The event log files provide granular details about user interactions within Salesforce, giving you full event detail insight. These details include the who, what, when, and where of user actions, which can be crucial for understanding user behavior, data protection, data categorization and anomaly detection.

For instance, if you notice an unusual number of data export events, you can investigate further to make sure there’s no data leakage or misuse. Querying these logs requires a little more work than standard queries, however. The logs are captured as Salesforce big objects, requiring the use of the Async SOQL Query API to access them. As we’ll see shortly, there are easier ways to read and analyze this data.

Event log file browser in Salesforce

Real-Time Event Monitoring

While standard Event Monitoring provides logs that can be analyzed post-event, Real-Time Event Monitoring takes it a step further by allowing you to create custom alerts and automate responses to specific activities as they happen. This can significantly enhance your threat detection and response capabilities, making your security measures more proactive.

Real-time Event Monitoring allows you to react immediately to critical events. This involves setting up transaction security policies that define specific conditions and actions. For example, you can configure a policy to block a user if they attempt to access sensitive customer data from an unusual location.

Track events in real time in Salesforce
Get event detail insights in Salesforce

Event Monitoring Analytics App

Salesforce Shield comes with a cut-down version of the CRM Analytics product that’s specifically tailored for use with Event Monitoring, so that you can use the power of Salesforce’s Analytics Studio to analyze event log files. It provides advanced data visualization and reporting capabilities, allowing you to create dashboards that display key metrics and trends. This helps in identifying patterns and potential security threats more effectively.

Analyze events in Analytics Studio

Transaction Security

Transaction Security in Salesforce Shield allows you to create policies that automatically monitor and act on events in real-time. For example, you can set up a policy to alert an admin or block a session if a user tries to export a large amount of data, thereby preventing potential data breaches. This is a key measure to protect sensitive data within your organization.

A policy blocking report exports in Salesforce

How to implement Event Monitoring

Implementing Event Monitoring involves several steps:

  • Enable Event Monitoring: Purchase and enable Salesforce Shield in your organization.
  • Configure Event Types: Choose the events you want to monitor based on your organization’s needs and sensitive data classification from actual field data.
  • Retrieve Event Log Files: Use the Event Monitoring API or download logs from the Salesforce UI, so you can process the data.
  • Set up analytics: Use the Event Monitoring Analytics app or other BI tools to visualize and analyze the event data.
  • Set Up Alerts: For real-time monitoring, create transaction security policies and custom alerts.

Is Salesforce Event Monitoring free?

Salesforce Shield, which includes Event Monitoring, is an add-on product for the Salesforce platform and is not included in the base Salesforce license. However, the investment can be justified by the enhanced security controls, compliance, and operational insights it provides. Up to date pricing can be found on the Salesforce Shield pricing page, but at the time of writing it’s priced at 10% of your net Salesforce spend.

How does Event Monitoring contribute to DevSecOps?

Salesforce Shield Event Monitoring is an indispensable tool for enhancing your DevSecOps strategy, which is all about bringing security to every stage of your application lifecycle. Monitoring has always been a fundamental part of DevOps, but with Event Monitoring at this level, you can increase visibility of issues, which in turn aids the Security element of DevSecOps. This is achieved through the fundamental principles of DevOps and DevSecOps: sharing, collaboration and cooperation.

By incorporating Salesforce Shield Event Monitoring into your DevSecOps practices, you can significantly improve your organization’s security posture and operational efficiency.

Keep Salesforce secure with DevSecOps

Want a more comprehensive look at DevSecOps for Salesforce? Check out our DevSecOps ebook for an in-depth guide to making security fundamental to your Salesforce delivery cycle.

Book your Gearset demo to learn more
Contact sales