The problem
A JDS customer embarked on a project to implement Salesforce to provide their users a single user interface to fulfil their customer needs. Their aim, to make the interface easy to use and reduce the time to process customer requests. At the same time, the business had to ensure that their customer data stored in Salesforce was secure and to be able to detect any malicious use.
The Solution
Implementing Splunk with the Splunk Add-on for Salesforce enabled the collection of logs and objects from Salesforce using REST APIs. This in turn, enabled proactive alerting and the creation of informative dashboards and reports to satisfy the business’ security requirements.
Scenarios detected:
- Failed or unusual login attempts (same user tries to login from multiple IP addresses)
- Large amounts of data extracted from Salesforce
- Unauthorised changes in Salesforce configuration such as Connected Apps settings or Authentication Provider settings
- Integration user account activity occurring outside of scheduled job runs
- Privileged user activity
- Apex code execution
All of this was achieved by setting up the required data inputs via the Splunk Add-on. Creating lookups to enhance the alert content with meaningful information and macros for re-usability and ease of administration, then adding alerts to ensure the required conditions were notified to the operational support teams.
Splunk dashboards and reports built on Salesforce data allowed the business to easily view login patterns and analyse EventLog events and Setup Audit Trail changes. Additionally, Salesforce data ingestion and alert summary dashboards were added to assist the support team to identify issues or delays in data ingestion as well as review the number of alerts being generated over time.
When developing any application that provides access to secure information, it’s important to not only monitor in terms of user experience, but also look at security aspects. Our customer was able to satisfy the security monitoring requirements of the business with the Splunk Add-on for Salesforce and achieved their go-live target date. The configured alerts will keep them informed of any potential security issues, giving them confidence that the platform is secure. The accompanying dashboards provide an intuitive summary of user actions, all backed by an extended data retention policy in Splunk to satisfy regulatory compliance. With SalesForce data now available in Splunk, they are planning additional use cases to not only monitor security, but get insights into how the platform is used by employees.
Why choose JDS?
JDS has experience and expertise in bringing SalesForce application data into Splunk . If your focus is on security, performance, or custom monitoring, speak to JDS today about how we can convert your SalesForce data into useful insights.