In this post, we will talk about a different way to Monitor and audit your Salesforce org. We will cover some important Monitoring & Auditing tools In Salesforce that diagnose issues in your Salesforce org. Those tools scan your instance of Salesforce and compare your security settings.
Monitoring & Auditing Tools in Salesforce
There are different Monitoring & Auditing Tools are available in Salesforce. Here are some of them
- Salesforce Health Checker
- Portal Health Check
- Salesforce Optimizer
- Salesforce Accelerator
- Manual Org Assessment
- Security Center
- Login History
- View Setup Audit Trail
- System Overview
- Field History Tracking
- Lightning Usage App
- Apex Exception Emails
- Debug Logs
- Event Monitoring
- Transaction Security Policy
- API Usage Notification
- Force.com Code Scanner
- Apex PMD
- Custom Error Handling framework
Security Troubleshooting Tools in Salesforce
There are different types of Monitoring and auditing Tools in Salesforce org. Let’s start the with Security Troubleshooting Tools in Salesforce
1. Salesforce Health Checker
We can use the Salesforce health checker tool to analyze vulnerabilities in your Salesforce Org on a single page. The Health Check tool is available in the Setup menu. Health Check gives you visibility into all of your org’s security settings and allows you to identify and fix security issues in one place.
The health check tool compares and calculates the total health check score for your org base on the Salesforce Baseline standard. It determines all below issue
- High-Risk Security Setting.
- Medium-Risk Security Setting.
- Low-Risk Security Setting.
- Informational Security Setting.
Salesforce Health Checker Tool is a Free tool. Provides a detailed report on your Salesforce org issues. Easily set medium to high-risk settings to Salesforce Baseline standard with a few clicks.
2. Portal Health Check
Portal Health Check reports show how much access your portal users have to the data in your organization.
Portal Health Check Reports
Portal health check reports show sensitive user permissions, object permissions, and field permissions granted through profiles, as well as organization-wide sharing settings and sharing rules
3. Salesforce Optimizer
Salesforce Optimizer gives you detailed data for more than 50 metrics covering from storage, fields, custom code, custom layouts for objects, reports, dashboards, etc. Run Salesforce Optimizer in sandbox or production to get recommendations for feature improvement, clean up customizations, reduce complexity, and drive feature adoption..
Salesforce Optimizer Report
Salesforce Optimizer Report gives you a personalized report with advice and recommendations about how you can improve your implementation. Salesforce Optimizer analyzes your implementation to find ways to simplify customizations and drive feature adoption.
Consider running Salesforce Optimizer as part of your monthly maintenance, before installing a new app, before each Salesforce release, or at least once a quarter. Learn more here.
4. Salesforce Accelerator
The Salesforce Accelerator tool is available on demand. It allows users who face technical issues in their Salesforce instance to get individualized technical support on demand. This expert guidance will then help you figure out your Salesforce org issues and solve them. Once you run a health check using a Salesforce Accelerator, you will get a list of issues and recommendations on possible ways of fixing them.
The Salesforce Accelerator tool is available to organizations that are part of a Salesforce Premier Success Plan. You need to submit a request for a Salesforce Accelerator on the Help and Training portal you will get in touch with certified specialists.
5. Manual Org Assessment
If you don’t prefer tools, you can always conduct a manual org assessment to analyze the health of your Salesforce Org. But be mindful that there needs to be a method to your madness. You cannot directly go into the Salesforce system, hunt down specific issues and start resolving them right away. It’s best to follow a pattern while doing so.
Manual Org Assessment Report
You can start preparing your org assessment report with the like below:
- Point to consider for Assessment:
- Data Storage considerations
- License Usages
- Workflows v/s Triggers Implementation
- Batch Classes and Scheduler per object
- Custom setting/ Metadata configuration for controlling Triggers.
- Standard vs Custom Development
- Record and ownership skews
- Categorizing the issue based on Priority and Complexity
- Quick Fixes
- Providing Recommendation for Customers.
- Configuration changes
- Usage Guidelines
- System Limitations
6. Security Center
The Security Center gives you a single view of your security, privacy, and governance posture across all of your Salesforce org and tenants. Use the app to review up-to-date health check scores, access settings, and user and login metrics in one easy-to-read interface.
Security Center helps to easily manage securities within Salesforce. It can help to trace any security or policy violation done by internal actors. Its Pillars are:
- Simplify Security Management: Simplify multi-org security management and boost admin productivity by managing all your security controls in a single view.
- Gain Visibility for Better Insights: View Critical metrics across all Orgs together and make better decisions.
- Threat and Anomalies detection: Helps to identify and surface unknown threats using AI and ML with Threat Detection.
Salesforce Security Center Overview Video
Security Center Dashboard
The Salesforce Security Center dashboard provides a Summary and category dashboards provide high-level snapshots of your data for simplified auditing. You can see up to 6 months’ worth of data in easy-to-read dashboards and graphs. It presents data in below category:
Learn more about the Salesforce Security Center tool here.
Auditing Tools in Salesforce
Let’s talk about Auditing tools available in Salesforce.
7. Login History
When we talk about auditing then login history comes to mind every first time. With the Login History tool, you can see all login attempts to your Salesforce org and Experience Cloud sites. The Login History report page shows up to 20,000 records of user logins for the past 6 months.
8. View Setup Audit Trail
With the help of View Setup Audit Trail, we can check any metadata change performed by Users in our org.
9. System Overview
If you want to see the high-level System details then the System overview is the best tool for you. System Overview provides you a summary of key usage data for your org. The system overview page shows usage data and limits for your organization and displays messages when you reach 95% of your limit.
To access the system overview page, from Setup, enter System Overview in the Quick Find box, then select System Overview.
10. Field History Tracking
So far we learn about how to audit login, configuration changes, and over all system limits. But what about data? If you want to audit when the data changed and who changed the data and what was the old value then Field history tracking is your best friend.
You can select certain fields to track and display the field history in the History related list of an object. Field history tracking data doesn’t count against your data storage limits.
11. Lightning Usage App
The Lightning Usage App allows you to monitor adoption metrics, such as daily active users and the most visited pages in Lightning Experience. You can also track the number of your active licenses. These insights help you understand your users’ needs so that you can focus on the issues that really matter.
12. Apex Exception Emails
Set the email addresses that receive notifications when your Apex code encounters unhandled exceptions. Emails can be sent to your Salesforce org’s users and to external email addresses
When unhandled Apex exceptions occur, emails are sent that includes the Apex stack trace, exception message, and the customer’s org and user ID. No other data is returned with the report. Unhandled exception emails are sent by default to the developer specified in the LastModifiedBy field on the failing class or trigger.
13. Debug Logs
A debug log records database operations, system processes, and errors that occur when executing a transaction or while running unit tests. The system generates a debug log for a user every time that user executes a transaction and the user has a trace flag with start and expiration dates that contain the transaction’s start time. You can monitor and retain debug logs for the users specified below
Monitoring Tools in Salesforce
Let see which all monitoring tools we have in Slesforce
14. Event Monitoring
Use event monitoring to discover insights into your Salesforce org to help keep your data secure. It lets you see the granular details of user activity in your organization. You can view information about individual events or track trends in events to Swifty identify abnormal behavior and safeguard your company’s data.
Learn about Shield Platform Encryption from our session.
15. Transaction Security Policy
Using the Transaction Security Policy, you can define events to monitor and take action when that event happens. You can use Real-Time Events in Transaction Security to enforce policies in near real time. When a policy is triggered, notifications are sent through email or in-app notifications
What we can do with Transaction Security?
- Alert that notifies when someone runs reports containing sensitive data
- Alert for exporting reports with more than a thousand records
- make sure no one is using an unsupported browser
NOTE: To use Transaction Security, you have to first purchase a Salesforce Shield or Salesforce Shield Event Monitoring add-on subscription.
16. API Usage Notification
With the API Usage Notification tool, we can define the API usage threshold and get notified when it is exceeded. When you create a request usage notification, you specify a user to receive an email notification whenever your org exceeds a specified limit for the number of API requests made in a specified span of time.
Code Scanning Tools in Salesforce
What about custom code? Let see which all tools are available for code scanning.
17. Force.com Code Scanner
Checkmark Apex Code Scanner is a tool which is powered by Salesforce. It runs a security scan on your Salesforce org and gives a detailed report on risks based on your code quality and security. It figures out every loophole present in your apex code and checks if it aligns with Salesforce best practices.
- Free with limitation but paid version is also there.
- Scans through each and every line of your code in your Salesforce org.
- Reduces the chance of an array of bugs before next upgrade
18. Apex PMD
PMD is very well known source code analyzer for Java and many more languages. Salesforce joined hands with open source developers to create this powerful tool Apex PMD which supports the Apex language. It finds common programming flaws like unused variables, empty catch blocks. It will allow us to have a better quality and avoid maintenance, performance and bug problems in our Apex code.
- It’s free and open source
- You can define your own custom rules
19. Custom Error Handling and logging framework
Debugging in Salesforce has its challenges. Sometimes, there might be an Apex error email with a stack trace, but this typically just points at a location without telling the support person anything about the context of the error. What were the arguments passed into this method? What did those queries return? Nobody knows.
Build a custom error handling and logging framework to monitor the apex class code.
I hope this list of Monitoring & Auditing Tools in Salesforce will help you to keep your Salesforce org healthy. Let us know which tool you like alot and using in your project.