Real-Time Event Monitoring: What’s New in Salesforce’s Summer 2019 Product Release

Eagerly anticipated by Salesforce users every season, the newest product release for 2019 brings exciting updates for Salesforce’s Event Monitoring tool. Primarily used to gain visibility into Salesforce, Event Monitoring delivers application audit logs, which record Salesforce user activity at a detailed level. Log files show you which users are accessing what data, when, where, and what they’re doing with it. Event Monitoring 1.0 log files arrived in daily batches, with the quickest turnaround time being three or four hours after activities occurred. The delay meant it could be hours or longer before you saw abnormal or questionable activity occurring in your Salesforce org. This summer, Salesforce is beginning to roll out Real-Time Event Monitoring 2.0, which allows users to receive granular user activity monitoring details in near real time.

What’s new in Event Monitoring 2.0

Three core uses of Real-Time Event Monitoring objects are streaming, storing, and enforcing policies on data. These core uses don’t apply to all objects, though: each use case is available only for certain objects.

  • Data streaming: Monitor org activity by subscribing to standard events published in real time by Salesforce. A streaming API client allows you to consume events using an external data system of your choosing.
  • Data storage: The Real-Time Event Monitoring beta allows users to store and query event data at scale in Salesforce big objects. While Salesforce big objects can store large volumes of data for several years, the beta version limits the storage to seven days.
  • Policy enforcement: Transaction security enables the interception of user behavior to block, enforce 2FA, or alert on defined event policies. Enhanced Transaction Security in the 2.0 beta also allows for declarative UI using Flows as well as support for policies on standard and custom objects.

With enhanced transaction security comes the ability to create policies in Condition Builder or Apex code. Policies can support both standard and custom objects throughout your instance. However, you’ll need to disable any legacy policies before enabling enhanced transaction security policies on specific events. You can view, monitor, and update events in your org using the Event Manager dashboard.
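
As an added illustration (not code from the original article or from Salesforce), here is what an Apex-based policy condition for report activity could look like. It assumes the `TxnSecurity.EventCondition` interface and the `ReportEvent` fields `RowsProcessed` and `QueriedEntities`, none of which are named in this article; the row threshold, the object list, and the comma-separated format of `QueriedEntities` are hypothetical.

```apex
// Added example: condition for an enhanced transaction security policy.
// The policy's action (block, 2FA, or alert) is configured on the policy
// itself; this class only decides whether the policy triggers.
global class LargeSensitiveReportCondition implements TxnSecurity.EventCondition {

    // Hypothetical threshold: rows returned by a single report run.
    private static final Integer MAX_ROWS = 2000;

    // Hypothetical set of sensitive objects, including one custom object.
    private static final Set<String> SENSITIVE_OBJECTS = new Set<String>{
        'lead', 'contact', 'patient_record__c'
    };

    public Boolean evaluate(SObject event) {
        // If the policy is attached to another event type, do not trigger.
        if (!(event instanceof ReportEvent)) {
            return false;
        }
        ReportEvent reportEvent = (ReportEvent) event;

        // Small or empty result sets are not of interest to this policy.
        if (reportEvent.RowsProcessed == null
                || reportEvent.RowsProcessed <= MAX_ROWS) {
            return false;
        }

        // Assumption: QueriedEntities lists object names separated by commas.
        // This check fails open: with no entity list, the policy stays silent.
        if (String.isBlank(reportEvent.QueriedEntities)) {
            return false;
        }
        for (String entity : reportEvent.QueriedEntities.split(',')) {
            if (SENSITIVE_OBJECTS.contains(entity.trim().toLowerCase())) {
                return true; // large report over a sensitive object
            }
        }
        return false;
    }
}
```

Because the condition inspects the objects a report touched rather than a saved report's identity, it applies equally to unsaved reports.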

Addressing former Event Monitoring limitations

In the past, Salesforce admins may have had problems with certain data sets being incompatible with Event Monitoring 1.0 because it wasn’t architected to consume customer-designed data. That limitation prevented Event Monitoring from capturing forensic details of that data. The release of 2.0 resolves these concerns and captures richer data, recording report names and objects run in select reports. It’s possible to record the information in unsaved reports, tying the data back to what the user actually accessed in Salesforce.

The benefits of Event Monitoring 2.0

Event Monitoring 2.0’s upgrades enable users to capture activities within seconds of their occurrence, enhancing security capabilities and boosting threat response levels. According to Verizon’s 2019 Data Breach Investigations Report, 56% of breaches took months or longer to discover. With real-time user activity monitoring, it’s possible to stop data breaches as they’re happening.

An additional benefit of Real-Time Event Monitoring is its increased automation abilities, which mean less manual work for admins and information security teams. With enhanced transaction policies, teams can easily set up automation rules to create alerts when specified thresholds have been breached. Plus, trend-based analysis inherent to the program and companion visualization tools boost the automated performance of the program as a whole. Real-time events enable heightened security with less effort.

Event Monitoring 1.0 users needn’t worry about being left behind – Salesforce has continued to invest in 1.0, adding new event types, updating the UI, and enhancing the security. If you’re a 1.0 user interested in implementing 2.0, Salesforce is currently in the process of rolling out the product in sandbox orgs, looking to move to production orgs shortly thereafter. While the initial release of 2.0 is focused on security use cases, the future of Real-Time Event Monitoring lies in additional areas that are important to monitor such as performance use cases to round out the product’s capabilities. The targeted release date for real-time general availability is Salesforce’s Winter product release later this year.