Salesforce event monitoring — under the hood

The underlying architecture for detecting threats, taking action and monitoring your Salesforce implementation

Application events are persisted to file storage
50 event types are persisted into a customer's Salesforce org

Transaction Security

9 events made available for Transaction Security Policies

Event Storage

Real time events backed by scalable storage

Real Time Event Streaming

Real time events are published to the Salesforce event bus to allow customers to stream them

Threat Detection

Threat detection subscribes to events to look for anomalies

Credential Stuffing

Credential stuffing — what it is, how it’s detected and how we remediate it. *The analysis, detection and remediation are enabled for all customers. The ability to capture the event requires Event Monitoring.

Session Hijacking

Session hijacking — what it is, how it’s detected and how we remediate it. *The analysis, detection and remediation are enabled for all customers. The ability to capture the event requires Event Monitoring.

2 x Anomaly Events (Report and API)

Anomalous behaviour — the types and how they’re detected. Customers need Event Monitoring to capture these events.

Reporting and Analytics

No Enterprise Tools

Enterprise Tools

The underlying components of Event Monitoring and how they work together

Summary

Further Reading

Developer Advocate @ MuleSoft || Interested in solving unique challenges using different cloud service providers || All opinions are mine.