Event Monitoring gives you the power to see how users are interacting with Salesforce in a whole new way. In today's world, a large range of security threats can come from within your organization. Your users might have access to plenty of sensitive client data that is vulnerable to theft or unauthorized access. With the introduction of real-time events, you can take instant action and add a whole new level of security to your Salesforce org.
Real-Time Event Monitoring lets you monitor, in near real time, a set of events such as LoginEvent (authentication), ApiEvent, and ReportEvent (actions on reports). Real-time events can be set up to be stored in standard big objects (like LoginEvent, ApiEvent, ReportEvent …) or streamed via the Streaming API.
Whereas Event Monitoring lets you look at events after twenty-four hours, Real-Time Event Monitoring helps you monitor the events in Salesforce in real time. You can store the event information in big objects for auditing or reporting purposes.
Some real-time events are stored as big objects, so you can review historical event information going back six months to ten years, depending on the event, which is much longer than what you can do with event log files in Event Monitoring. This lets your security team analyze whether an event happened because of malicious user behaviour.
Real-Time Events: Real-time events are platform events that are streamed in real time based on user actions in Salesforce. These real-time events are not only streamed instantly as platform events; they are also stored in big objects instantly. Once an event is stored in a big object, you can query the event with SOQL and Async SOQL.
Some important terms used in real-time monitoring:
Event - An event is anything that happens in Salesforce, including user clicks, record state changes, and measuring values. Events are immutable and timestamped.
Event Channel - A stream of events on which an event producer sends event messages and event consumers read those messages.
Event Subscriber - A subscriber to a channel that receives messages from the subscribed channel. For example, a security app is notified of the latest report downloads.
Event Message - A message used to transmit information about the event.
Event Publisher - The publisher of an event message over a channel, like a security and auditing app.
Some events apply only to Salesforce Classic or Lightning Experience.
Real-time Event Types - There are 5 primary event types that are included with event monitoring.
Authentication – The Login and Logout events let you identify various characteristics of a user's session. This data is often used to spot anomalies in the user's browser version or a high volume of login attempts. You can also track the sessions in which an admin has logged in as another user.
Data Access – When a user accesses data through a report or list view, every action that takes place is fired as an event, for example when a user adds a field to a report or runs an export. All API transactions are sent.
Page Access – Each time a user accesses a page, an event is fired.
Threat Detection – These are a series of events that take mass event log data and are fired when a security vulnerability is detected. The attacks being analyzed for are credential stuffing, report anomalies, and session hijacking.
Mobile Security Events – As part of Enhanced Mobile Security (licensing required), there is a further set of events associated with mobile app usage that are included as real-time events. For example, the MobileScreenshotEvent is published every time a user takes a screenshot on their mobile device while viewing the Salesforce mobile app.
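The Authentication item above mentions spotting a high volume of login attempts or a change in a user's browser. As an added example (not from the original article or from Salesforce), this Python code shows how a subscriber-side security app could run both checks over login events. The records are constructed, and the field names, status values and thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records. Field names are assumptions modelled on
# LoginEvent; confirm them against your org's schema before relying on them.
FIELDS = ("EventDate", "Username", "SourceIp", "Status", "Browser")
ROWS = [
    ("2024-05-01T09:00:00Z", "amy@example.com", "198.51.100.7", "Success", "Chrome 124"),
    ("2024-05-01T09:01:00Z", "bob@example.com", "203.0.113.9", "Invalid Password", "Unknown"),
    ("2024-05-01T09:01:20Z", "carol@example.com", "203.0.113.9", "Invalid Password", "Unknown"),
    ("2024-05-01T09:01:40Z", "dave@example.com", "203.0.113.9", "Invalid Password", "Unknown"),
    ("2024-05-01T09:30:00Z", "amy@example.com", "198.51.100.7", "Success", "Firefox 115"),
    ("2024-05-01T09:45:00Z", "bob@example.com", "192.0.2.4", "Success", "Chrome 124"),
]
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in ROWS]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect(events, max_failures=3, window=timedelta(minutes=5)):
    """Return (alert_type, key, timestamp) tuples for two login anomalies."""
    alerts = []
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    last_browser = {}              # username -> browser of last successful login
    for ev in sorted(events, key=lambda e: parse_ts(e["EventDate"])):
        ts = parse_ts(ev["EventDate"])
        if ev["Status"] != "Success":
            recent = failures[ev["SourceIp"]]
            recent.append(ts)
            # Drop failures that fell out of the sliding window.
            while ts - recent[0] > window:
                recent.popleft()
            # Alert when the count reaches the threshold, not on every
            # later failure, so one burst does not flood the analyst.
            if len(recent) == max_failures:
                alerts.append(("login_failure_burst", ev["SourceIp"], ev["EventDate"]))
            continue
        previous = last_browser.get(ev["Username"])
        if previous is not None and previous != ev["Browser"]:
            alerts.append(("browser_changed", ev["Username"], ev["EventDate"]))
        last_browser[ev["Username"]] = ev["Browser"]
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

A browser change on its own is a weak signal (users upgrade browsers), so treat it as context to combine with other events rather than as a standalone alert.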
With Real-Time Event Monitoring, gain greater insight into:
- Who viewed what information and when
- Where information was accessed
- When a user changes a record using the user interface
- Who is logging in and from where
- Who in your org is performing actions associated with Platform Encryption
- Which admins logged in as another user and the actions the admin took as that user
- How long it takes a Lightning page to load
- Threats detected in your org, like anomalies in how users view or export reports, session hijacking attacks, or credential stuffing attacks
Commonly used standard big objects:
Source: developer.salesforce, Salesforce Trailhead