Salesforce Real-Time Event Monitoring

Feature

Germain UX Salesforce Real-Time Event Monitoring collects all Salesforce events in near real-time. It allows to:

Detect when a user queries sensitive data (e.g. patent records)
Track anomalies in how users make API calls
Track when a user downloads the results of a Bulk API
Detect errors that occur when an org exceeds the concurrent long-running Apex limit
Track when a user successfully logs into Salesforce during an identified credential stuffing attack
Credential stuffing refers to large-scale automated login requests using stolen user credentials
Detects file-related events, such as when a user downloads a file
Detect when a user creates, accesses, updates, or deletes a record containing sensitive data
Detect when a user accesses, updates, or exports list view data
Detect when a Salesforce admin logs in as another user and track the admin’s activities
Detect when a user tries to log in under certain conditions
Detect when a user logs out of Salesforce by clicking Log Out in the Salesforce UI
Track users’s activity (email, taking screenshots, phone calls and text messages, …) in a Salesforce mobile app
Detect permission assignment changes in permission sets and permission set groups
Track anomalies in how users run or export reports
Detect when a user creates, runs, updates, or exports a report that contains sensitive data
Track when unauthorized users gain ownership of a Salesforce user’s session with a stolen session identifier
Detect when a user creates, accesses, updates, or deletes a record containing sensitive data

KPIs

Dashboard

Germain Workspace > Left Menu > Dashboards > All > Salesforce RT Events

This monitoring gets enabled when you deploy Salesforce monitoring using Salesforce.com Application wizard.

Follow the below steps to disable ongoing Salesforce Instance Status monitoring:

Go to Germain Workspace > Left Menu > Germain > State
Switch to Components tab
Search for Name = Salesforce Event Monitoring
Disable selected component by switching the toggle, in the ENABLED column, to :disabled: (disabled state)

You can disable individual topic event stream by following these steps:

Component: Engine

Feature Availability: 2022.2 or later