If you're having trouble at any stage please contact us at firstname.lastname@example.org.
Sales Cloud application provides a broad set of customers and sales automation and management services delivered as a cloud service. Sales Cloud helps organizations move faster with infinite scalability and lower cost for their sales automation and management. But at the same time, the public cloud Software as a Service (SaaS) model
presents the organization with new security challenges.
The main challenges and needs are to:
- Get and retain full audit of activities in Sales Cloud account
- Retrieve the Sales Cloud account activities as users’ access, permissions changes, opportunities changed, sales accounts updated, files attached, security settings changes and more.
- The granular activities should be available at the organization’s central log or event management system for compliance, investigation or forensic needs.
- Detect security threats and policy violations in Sales Cloud account
What is it
SkyFormation Cloud Connector for Sales Cloud, is part of the SkyFormation Cloud Connectors module. It continuously ingests audit events from multiple audit sources in the Sales Cloud account, unify the events into a common application events format, enrich the events with needed detection context and send the events to any existing SIEM/SOC system.
How it works
SkyFormation Cloud Connector for Sales Cloud retrieves the events from the Sales Cloud service through the service APIs. Before sending the events to the existing SIEM/SOC system the connector will
- Unify the events into the SkyFormation unified application events format
- Embed the origin event into the SkyFormation event
- Complement the event with missing information
- Enrich the event with detection context as AD identity information
- Encode the resulted event into a standard format as CEF
- Send the event to the existing SIEM/SOC system over syslog
Cloud connector API calls and Salesforce API calls limits
SkyFormation Cloud Connector for Sales Cloud perform at a typical deployment 1500-2200 API
calls a day to the Salesforce platform.
Please review the Salesforce app limits platform API guide and make sure you are ok with the connector's API calls volume.
Please share with us any concerns might you have such in this respect.
Salesforce Audit Sources & Events Supported
|Audit Source (API)||Service/Module Covered||Event Types||Events included|
|Login History||Login Events||Login events as login success, login failed|
|Password Locked Out||Password Locked-Out|
|Setup Audit Trail||Connected Application||Application Created, Application Deleted, Application Installed, Application Uninstalled, Application Blocked Unblocked etc|
|Territory Management||Territory management events as add/remove a user to a territory, create/delete a territory, opportunity aaccess level update in territory, add/remove territory assignment rules etc|
|Delegated Authentication Management||Changes in configuration and settings of the delegated authentication mechanism|
|Permissions Management||PermissionSet||Permission-set events as Permission-set created, deleted, assigned , unassigned renamed, update of user permissions, update of apex class access permissions, update of tab permissions etc|
|Profile Management||Profile||Profile clone, deleted, renamed, changed, field permission updated, view all permission added, connected apps enabled/disabled for profile etc|
|Group Management||Group||Group created, deleted, renamed, membership updated etc|
|Password Management||Password changed, reseted|
|User Management||User||Created, Freezed, Unfreezed, deactivated, activated, unlocked, email updated etc|
|Role Management||UserRole||Role created, deleted, assigned, unassigned, replaced etc|
|Security Settings||NetworkAccess, PasswordPolicy, SessionSettings||IP whitelist added/deleted/updated, password policy changes and session security settings changes|
|Content Version||File Upload Management||ContentDocument, Document, Attachment||File/content document/document/attachment uploaded, updated, deleted etc|
|Content Version History||File Version Management||ContentDocumentHistory||Represents the history of a specific version of a document. File uploaded, updated, deleted, downloaded etc|
|Content Distribution View||File Distribution Use||ContentDistributionView||Represents information about views of a shared file. File downloaded, previewed etc|
|Content Distribution||File Distribution Management||ContentDistribution||Represents information about sharing a file externally. File shared, File un-shared etc|
|Content Workspace||Workspace Management||ContentWorkspace||Represents a content library. Workspace created|
|Event Monitoring||EventLogFile||Export report, run report, delegate login, dashboard view, file uploaded, file downloaded, filre preview, object view etc. Audit you can use to analyze usage trends and user behavior.|
How to on-board Sales Cloud Connector to SkyFormation