Introduction

As the Salesforce Admin for your org, you’ll oversee the tracking of user activity, aka you’ll be the private eye for your org. You’ll have to look for unusual activity and safeguard your company’s data. Yes, it’s a huge responsibility, so let’s learn how to get the job done!

What Is Event Monitoring?

Event Monitoring is just one of the many tools provided by Salesforce to keep your org data secure. It lets you see a highly detailed version of User activity in your org. These user activities are called Events.

What are some of the events that can be tracked? Event Monitoring supports tracking of many kinds of events, including, but not limited to:

• Logins
• Logouts
• URI
• Searches
• Report Export
• Package Installs
• Lightning Performance
• Flow Execution
• Dashboard
• Apex Executions

To access the complete list of supported Event Types. View this Salesforce Documentation.

All the events in our org are stored in the Event Log File. An Event Log File is created when an event occurs in our org and is available to view and download only after 24 hours.

Depending on our org type, we can access some or all our event logs for a certain period:

• Developer Edition: Freely access all log types with 1-day data retention.
• Enterprise, Unlimited, and Performance Editions: You can access Login, Logout, and Insecure External Assets for free with 1-day retention. For an extra cost, we can access all log file types with 30-day data retention.

As we progress, we’ll get to access, download, and visualize event log files, but for now, let’s stick with a template. This is how a login activity graph would look like:

We can see that there’s been an unusually high number of logins on the 2^nd of May. The next step would be to break down the logins by User.

This is a template of what that graph would look like:

Admin B logged in close to 100 times on the 2^nd of May. We can continue to break down the graph until we find what we’re looking for. For example, we can view the distinct IP addresses the User has logged in from by breaking down the graph further.

This valuable information will help us pinpoint the cause of this unusual activity. Maybe the User account was compromised, or the User might be up to no good.

This is just one example of how Event Monitoring can work in our favor. Let’s look at some of the other uses of Event Monitoring.

• We can analyze the adoption rate of a new or existing feature.
• We can monitor and prevent data loss.
• Optimize performance.
• Detect unusual activity.

Significance of API

API (Application Programming Interface) bridges the application (Salesforce) and the database.

Salesforce recommends an API-first approach to development. This is because the UI doesn’t provide as many access points to our data as the API would.

Event Monitoring is an API-only tool. We can find the event log files for our org in an API standard object called EventLogFile.

More on that soon. For now, let’s keep these points in mind.