Implementing Salesforce monitoring in Splunk
A JDS customer embarked on a project to implement Salesforce to provide their users a single user interface to fulfil their customer needs. Their aim, to make the interface easy to use and reduce the time to process customer requests. At the same time, the business had to ensure that their customer data stored in Salesforce was secure and to be able to detect any malicious use.
Implementing Splunk with the Splunk Add-on for Salesforce enabled the collection of logs and objects from Salesforce using REST APIs. This in turn, enabled proactive alerting and the creation of informative dashboards and reports to satisfy the business’ security requirements.
- Failed or unusual login attempts (same user tries to login from multiple IP addresses)
- Large amounts of data extracted from Salesforce
- Unauthorised changes in Salesforce configuration such as Connected Apps settings or Authentication Provider settings
- Integration user account activity occurring outside of scheduled job runs
- Privileged user activity
- Apex code execution
All of this was achieved by setting up the required data inputs via the Splunk Add-on. Creating lookups to enhance the alert content with meaningful information and macros for re-usability and ease of administration, then adding alerts to ensure the required conditions were notified to the operational support teams.
Splunk dashboards and reports built on Salesforce data allowed the business to easily view login patterns and analyse EventLog events and Setup Audit Trail changes. Additionally, Salesforce data ingestion and alert summary dashboards were added to assist the support team to identify issues or delays in data ingestion as well as review the number of alerts being generated over time.
Why choose JDS?
JDS has experience and expertise in bringing SalesForce application data into Splunk . If your focus is on security, performance, or custom monitoring, speak to JDS today about how we can convert your SalesForce data into useful insights.