Detect Threats to Your Salesforce Org (Generally Available)
Track threats to your org’s security with three new Real-Time Event
Monitoring events. Salesforce generates these events, aided by machine-learning
algorithms, to identify anomalies in your users’ behavior and unauthorized access to
your org.
Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Unlimited, and Developer editions where Event Monitoring is enabled.
Who: Event Monitoring is available to customers who purchase Salesforce Shield or Event Monitoring add-on subscriptions.
How: Use these new Real-Time Event Monitoring platform events to detect common threats to your org:
- CredentialStuffingEvent: Tracks when a user successfully logs in to Salesforce during an identified credential stuffing attack. Credential stuffing refers to large-scale automated login requests using stolen user credentials. CredentialStuffingEventStore stores the streaming data for up to 6 months.
- ReportAnomalyEvent: Tracks anomalies in how users run or export reports. ReportAnomalyEventStore stores the streaming data for up to 6 months.
- SessionHijackingEvent: Tracks when unauthorized users gain ownership of a Salesforce user’s session with a stolen session identifier. SessionHijackingEventStore stores the streaming data for up to 6 months.
Since the beta in Spring ’20, we’ve added more features to Threat Detection. You can now:
- View the three Threat Detection storage events in the Salesforce UI using the new Threat Detection app. You can also provide feedback about a particular Threat Detection event.
- Create notification-only Transaction Security policies on the three Threat Detection storage events.
- Read a brief summary of the detected threat with the new Summary field of each event.
- View the full set of browser fingerprint features that triggered a session hijacking event with the new SecurityEventData field of SessionHijackingEvent.
- Create reports on the three events by creating a custom report type that uses one of the three Threat Detection events as its primary object.
- View the posts and feed-tracked changes to the three Threat Detection storage events and the new ThreatDetectionFeedback object.
- Create Einstein Analytics reports and dashboards on the three Threat Detection events.
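
As an added illustration (not Salesforce code), this Python sketch shows how a monitoring job could turn rows exported from the three storage objects into a newest-first triage queue, using the Summary and SecurityEventData fields described above. The rows are constructed samples; the `store` key, the other field names and the JSON layout inside SecurityEventData are assumptions, not taken from this page.

```python
import json
# Constructed sample rows. Only Summary and SecurityEventData are named on the page;
# "store", the other keys and the JSON layout inside SecurityEventData are assumed.
SAMPLE_ROWS = [
    {"store": "SessionHijackingEventStore", "EventDate": "2020-07-02T10:15:00Z",
     "Username": "alice@example.com", "Summary": "Browser fingerprint changed",
     "SecurityEventData": json.dumps([
         {"featureName": "userAgent", "featureContribution": "61.0 %",
          "previousValue": "Mozilla/5.0 (Macintosh)", "currentValue": "Mozilla/5.0 (X11)"},
         {"featureName": "screen", "featureContribution": "9.5 %",
          "previousValue": "1440x900", "currentValue": "1440x900"},
         {"featureName": "ipAddress", "featureContribution": "29.5 %",
          "previousValue": "203.0.113.7", "currentValue": "198.51.100.23"}])},
    {"store": "CredentialStuffingEventStore", "EventDate": "2020-07-03T08:00:00Z",
     "Username": "bob@example.com", "Summary": "Login during stuffing attack",
     "SecurityEventData": None},
    {"store": "ReportAnomalyEventStore", "EventDate": "2020-07-01T23:40:00Z",
     "Username": "carol@example.com", "Summary": "Unusual report export",
     "SecurityEventData": "{not valid json"},
]

def contribution(text):
    """Turn '61.0 %' into 61.0; missing or malformed values count as 0."""
    try:
        return float(str(text).replace("%", "").strip())
    except ValueError:
        return 0.0

def changed_features(raw):
    """Names of features whose value changed, highest contribution first."""
    try:
        items = json.loads(raw) if raw else []
    except (TypeError, ValueError):  # absent, non-string or malformed payload
        return []
    if not isinstance(items, list):
        return []
    changed = [f for f in items if isinstance(f, dict)
               and f.get("previousValue") != f.get("currentValue")]
    changed.sort(key=lambda f: contribution(f.get("featureContribution")), reverse=True)
    return [f.get("featureName", "?") for f in changed]

def triage(rows):
    """Newest-first queue of (store, user, summary, changed feature names)."""
    ordered = sorted(rows, key=lambda r: r["EventDate"], reverse=True)
    return [(r["store"], r["Username"], r["Summary"],
             changed_features(r.get("SecurityEventData"))) for r in ordered]

if __name__ == "__main__":
    print(*triage(SAMPLE_ROWS), sep="\n")
```

Rows with a missing or unparseable SecurityEventData value stay in the queue with an empty feature list, so a malformed payload never hides an event from review.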