For prerequisites and installation steps see Salesforce Quick Start Setup Guide.
Cisco Cloudlock monitors Salesforce in the following policies:
- Build Your Own: Event Analysis
See UEBA for more information and a complete list of Salesforce Events
Salesforce also has its own unique policy:
This policy triggers incidents for Salesforce Report Export events.
Frequency—The range for which reports are expected to be exported within a certain number of days. Any frequency beyond this range will trigger an incident.
Location—Choose the countries where exporting reports is acceptable. Any countries not listed will trigger an incident a user exports a report.
Profile—List any users that do not need to be flagged for exporting reports.
*Business Hours —Define the range of time reports can be exported. Any reports exported outside of this range will trigger an incident.
Report Export Activity Prerequisites
The Salesforce Report Export Activity Policy requires Salesforce Shield Even Monitoring and must be enabled. Contact [email protected] for more information.
In addition to the Global Response Actions available in all platforms, Salesforce also has three unique Response Actions:
Blocks the export for 24 hours including accounts, contacts, cases, leads, and opportunities.
Flags chatter or files for the Salesforce community moderator.
Encrypts fields on objects
Salesforce Response Actions
- Flag for Community Moderator and Selective Encryption can only be used in a policy where Salesforce is the only platform selected for monitoring
- These two response actions cannot be used together but can be used with Transaction Security
For DLP incident you can click View Object in the uppermost right corner to view the file that violated the policy.
When viewing an object with Salesforce you will be redirected to log into Salesforce to view the object. Only Salesforce users with permissions to view SObjects can view the incident object. Permissions for SObjects may vary, but in general system administrators in Salesforce can view all objects.
Updated 3 months ago