Real-Time Event Monitoring

Trailhead Link
Shield Platform Encryption

  • Define Real-Time Event Monitoring and Real-Time Events
  • Understand how Real-Time Event Monitoring differs from Event Monitoring.
  • Distinguish between platform events and big objects
  • Define Transaction Security
  • Describe Real-Time Event Monitoring use cases

** The functionality described in this module requires Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.

Streaming API
Streaming API enables streaming of events using push technology and provides a subscription mechanism for receiving events in near real time. The Streaming API subscription mechanism supports multiple types of events, including PushTopic events, generic events, platform events, and Change Data Capture events.

Streaming API appropriate scenarios
1. Frequent polling – Applications that constantly poll the Salesforce infrastructure, consuming unnecessary API calls and processing time, benefit from Streaming API because it reduces the number of requests that return no data.
2. General notification – Applications that require general notification of data changes in an org can use Streaming API to reduce the number of API calls and improve performance.

What is Real-Time Event Monitoring?
Real-Time Monitoring can be used with Transaction Security to automatically block risky user actions and notify you in real time when they occur. Real-Time Event Monitoring stores event data for auditing or reporting purposes, in some cases much longer than data stored using traditional Event Monitoring.

Event Monitoring vs. Real-Time Event Monitoring
1. near-real time monitoring of specific platform events
2. querying events stored in big objects.
Event – Anything that happens in Salesforce, including user clicks, record state changes, and measuring values. Events are immutable and timestamped.
Event Monitoring – One of the many tools that Salesforce provides to help keep your data secure, allowing you to see the granular details of user activity in your organization. We refer to these user activities as events. Store activities and a log
Event Log File – In Event Monitoring, all events are stored in EventLogFile standard object event types. An event log file is generated when an event occurs in your org and is available to view and download after 24 hours, as well as on an hourly cadence via hourly EventLogFiles. EM stores 30 days.
Real-Time Event Monitoring – Whereas EM allows you to view events after 24 hours, Real-Time EM helps you monitor and detect standard events in Salesforce in near real time. You can store the event data in big objects for auditing or reporting purposes.
Real-Time Events – Real-Time events are platform events that are streamed in real time based on user actions in Salesforce. These Real-Time events are not only streamed immediately as platform events, they are also stored in big objects immediately. Once an event is stored in a big object, you can query the event with SOQL and Async SOQL.

Distinguish between Platform Events and Big Objects
Using Real-Time Event Monitoring, you can interact with events by subscribing to standard platform events, or by investigating events stored in big objects.
1. Standard Platform Events – Real-Time Monitoring provides standard platform events that you can subscribe to for monitoring user activity in real time, such as logins and running reports. The user’s actions are captured and streamed as a platform event. You can also create custom services that subscribe to platform events so that your team can be alerted in real time when certain activity is captured by Real-Time Event Monitoring. For example, you can subscribe to the event channel for LoginEventStream to receive notifications when users log in. Other examples include reports, list views, logins, API calls, and record modifications.

2. Event Objects – Real-Time Event Monitoring objects have three primary uses: streaming data, storing data, and enforcing policies on data. But these uses don’t apply to all objects. See Supported Objects.

STREAMING                  STORAGE              POLICY
ApiEventStream             ApiEvent             ApiEvent
LightningUriEventStream    LightningUriEvent    n/a
ListViewEventStream        ListViewEvent        ListViewEvent
LoginAsEventStream         LoginAsEvent         n/a
LoginEventStream           LoginEvent           LoginEvent
LogoutEventStream          LogoutEvent          n/a
ReportEventStream          ReportEvent          ReportEvent
UriEventStream             UriEvent             n/a

3. Big Objects – Some Real-Time Events are stored as big objects so that you can look at historical event data for 6 months to 10 years in the past, depending on the event, which is much longer than what you can do with event log files in Event Monitoring. This gives your security team the ability to investigate if an incident occurs because of malicious user behavior.

Platform Event               Object for Event Storage       Can Be Used in a Transaction Security Policy?
ApiAnomalyEvent              ApiAnomalyEventStore
BulkApiResultEvent           BulkApiResultEventStore
ConcurLongRunApexErrEvent    Not Available
CredentialStuffingEvent      CredentialStuffingEventStore
Not Available                IdentityVerificationEvent
ListViewEventStream          ListViewEvent
LoginAsEventStream           LoginAsEvent
LoginEventStream             LoginEvent
LogoutEventStream            LogoutEvent
ReportAnomalyEvent           ReportAnomalyEventStore
ReportEventStream            ReportEvent
SessionHijackingEvent        SessionHijackingEventStore

Using Real-Time Event Monitoring

Prerequisites

Enable A Real-Time Event for Streaming

1. Enable the real-time event ReportEventStream for streaming.

  1. In your playground, in Setup, enter Event Manager in the Quick Find box, and then select Event Manager.
  2. For Report Event, select Enable Streaming and Enable Storage from the dropdown.

2. To download the EMP Connector project files, open a terminal.

  1. On Windows, enter CMD in the search box at the bottom of your home screen next to the start button.
  2. On Mac, press the Command button and the space bar simultaneously to open a search bar on your screen. Then enter Terminal to search for Terminal. Double-click Terminal in the left sidebar to open your Mac’s terminal.

3. In the terminal, clone the repository from GitHub with this command:

  1. git clone https://github.com/forcedotcom/EMP-Connector

Subscribed: Subscription [/event/LoginEventStream:-2]
 Received:
{
"schema":"____________________",
"payload":{
"EventDate":"20__-__-__T02:29:35.000Z",
"AuthServiceId":null,
"CountryIso":"US",
"Platform":"Unknown",
"EvaluationTime":0.0,
"CipherSuite":"____-___-______-__-______",
"PostalCode":"_____",
"ClientVersion":"N/A",
"LoginGeoId":"04_________",
"LoginUrl":"login.salesforce.com",
"LoginHistoryId":"0Ya4___V",
"CreatedById":"005___",
"SessionKey":null,
"ApiType":"SOAP Partner",
"AuthMethodReference":null,
"LoginType":"Other Apex API",
"PolicyOutcome":null,
"Status":"Success",
"AdditionalInfo":"{}",
"ApiVersion":"44.0",
"EventIdentifier":"________-_____-___",
"RelatedEventIdentifier":null,
"LoginLatitude":__.____,
"City":"________",
"Subdivision":"_____",
"SourceIp":"___.___._.___",
"Username":"_________@________.com",
"UserId":"_________________",
"CreatedDate":"20__-__-__T02:29:41.327Z",
"Country":"United States",
"LoginLongitude":-___._____,
"TlsProtocol":"TLS 1.2",
"LoginKey":"______________",
"Application":"N/A",
"UserType":"Standard",
"PolicyId":null,
"HttpMethod":"Unknown",
"SessionLevel":"STANDARD",
"Browser":"Unknown"
},
"event":{
"replayId":1793690
}
}
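
One way a subscriber could triage messages shaped like the LoginEventStream output above, shown as an added example that is not part of these notes or of the EMP Connector project. The allowed countries, accepted TLS versions, failure threshold and all sample messages (including the "Invalid Password" status value) are constructed assumptions; the field names come from the payload above.

```python
import json
from collections import defaultdict

# Assumptions for this example (local policy, not Salesforce defaults).
EXPECTED_COUNTRIES = {"US"}
ACCEPTED_TLS = {"TLS 1.2", "TLS 1.3"}
SPRAY_THRESHOLD = 3  # distinct usernames failing from one SourceIp

class LoginTriage:
    """Flags LoginEventStream messages and tracks the last replayId handled."""
    def __init__(self, last_replay_id=None):
        self.last_replay_id = last_replay_id  # persist this to resume after a restart
        self.failed_users = defaultdict(set)  # SourceIp -> usernames that failed

    def handle(self, raw):
        msg = json.loads(raw)
        replay_id = msg["event"]["replayId"]
        # A -2 subscription replays retained events, so skip ones already handled.
        if self.last_replay_id is not None and replay_id <= self.last_replay_id:
            return None
        self.last_replay_id = replay_id
        p, flags = msg["payload"], []
        if p.get("Status") != "Success":
            flags.append("failed_login")
            self.failed_users[p.get("SourceIp")].add(p.get("Username"))
            if len(self.failed_users[p.get("SourceIp")]) >= SPRAY_THRESHOLD:
                flags.append("many_users_failing_from_one_ip")
        if p.get("TlsProtocol") not in ACCEPTED_TLS:
            flags.append("weak_or_unknown_tls")
        if p.get("CountryIso") not in EXPECTED_COUNTRIES:
            flags.append("unexpected_country")
        return {"replayId": replay_id, "user": p.get("Username"), "flags": flags}

def sample(replay_id, **fields):
    # Constructed message; only the fields the triage rules read are included.
    payload = {"Status": "Success", "TlsProtocol": "TLS 1.2", "CountryIso": "US",
               "SourceIp": "203.0.113.10", "Username": "alice@example.com"}
    payload.update(fields)
    return json.dumps({"payload": payload, "event": {"replayId": replay_id}})

BAD, IP = "Invalid Password", "198.51.100.7"  # constructed status, documentation IP
SAMPLES = [
    sample(101),
    sample(102, Status=BAD, SourceIp=IP, Username="bob@example.com"),
    sample(103, Status=BAD, SourceIp=IP, Username="carol@example.com"),
    sample(104, Status=BAD, SourceIp=IP, Username="dave@example.com", CountryIso="FR"),
    sample(103),  # replayed duplicate, must be ignored
    sample(105, TlsProtocol="TLS 1.0"),
]

def run(samples=SAMPLES):
    triage = LoginTriage()
    return [triage.handle(m) for m in samples], triage.last_replay_id
```

Storing `last_replay_id` between runs lets a restarted subscriber resume from that point instead of reprocessing every retained event.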

Shield Encryption

Shield Platform Encryption Implementation Guide

Shield Platform Encryption Architecture White Paper

Protect Your Salesforce Data with Shield Platform Encryption

Tradeoffs and Limitations of Shield Platform Encryption
To encrypt fields on these objects, you must have access to them: ServiceAppointment, LiveChatTranscript, ConversationContextEntry, Employee, BusinessLicense, BusinessLicenseApplication, BusinessProfile, CourseOffering, PublicComplaint, RegulatoryCodeViolation, ViolationEnforcementAction, TrnCourse, AccountParticipant, OpportunityParticipant, MlIntentUtteranceSuggestion.

These apps don’t support data encrypted with Shield Platform Encryption. However, you can enable Shield Platform Encryption for other apps when these apps are in use.

  • Connect Offline
  • Commerce Cloud (Salesforce B2B Commerce version 4.10 and later is supported)
  • Customer 360 Data Manager
  • Data.com
  • Einstein Recommendation Engine in Marketing Cloud (includes Einstein Recommendations, Einstein Web Recommendations, and Einstein Email Recommendations)
  • Einstein features other than Einstein Analytics (Einstein Analytics supports Shield Platform Encryption)
  • Heroku (but Heroku Connect does support encrypted data)
  • Marketing Cloud (but Marketing Cloud Connect does support encrypted data)
  • Salesforce IQ
  • Social Customer Service
  • Thunder
  • Quip
  • Salesforce Billing

Resources

Video: Tighten Your Security with Salesforce Shield Platform Encryption

Set up Shield Platform Encryption

Manage Permission Set Assignments

Which Fields Can I Encrypt?

Encrypt Files and Attachments

Shield Platform Encryption Applications

  • Identify best practices when setting up Shield Platform Encryption.
  • Describe how Shield Platform Encryption affects apps and sandboxes.
  • Understand how Shield Platform Encryption affects the way users access information in your org.

Salesforce offers a range of tools to help protect data. Even though American Bank is now using Shield Platform Encryption as an additional layer of protection for data stored at rest, the bank still needs to take other steps to secure who has access to data from within their org.

  • Assign non-encryption related permissions to control who sees what information.
  • Use roles and profiles to control access to sensitive data, just like you would without encryption enabled.
  • Use field-level security settings, page layout settings, and validation rules, not Shield Platform Encryption, to control which users can see which data.