Monitoring & Auditing Tools in Salesforce

In this post, we will talk about a different way to Monitor and audit your Salesforce org. We will cover some important Monitoring and auditing tools In Salesforce that diagnose issues in your Salesforce org. Those tools scan your instance of Salesforce and compare your security settings.

Monitoring & Auditing Tools in Salesforce

There are different Monitoring and auditing Tools available in Salesforce. Here are some of them

1. Salesforce Health Checker
2. Portal Health Check
3. Salesforce Optimizer
4. Salesforce Accelerator
5. Manual Org Assessment
6. Security Center
7. Login History
8. View Setup Audit Trail
9. System Overview
10. Field History Tracking
11. Lightning Usage App
12. Apex Exception Emails
13. Debug Logs
14. Event Monitoring
15. Transaction Security Policy
16. API Usage Notification
17. Force.com Code Scanner
18. Apex PMD
19. Custom Error Handling Framework

Security Troubleshooting Tools in Salesforce

There are different types of Monitoring and auditing Tools in Salesforce org. Let’s start with Security Troubleshooting Tools in Salesforce

1. Salesforce Health Checker

We can use the Salesforce health checker tool to analyze vulnerabilities in your Salesforce Org on a single page. The Health Check tool is available in the Setup menu. Health Check gives you visibility into all of your org’s security settings and allows you to identify and fix security issues in one place.

The health check tool compares and calculates your org’s total health check score based on the Salesforce Baseline standard. It determines all the below issue

1. High-Risk Security Setting.
2. Medium-Risk Security Setting.
3. Low-Risk Security Setting.
4. Informational Security Setting.

Salesforce Health Checker Tool is a Free tool. Provides a detailed report on your Salesforce org issues. Easily set medium to high-risk settings to Salesforce Baseline standard with a few clicks.

2. Portal Health Check

Portal Health Check reports show how much access your portal users have to the data in your organization.

Portal Health Check Reports

Portal health check reports show sensitive user permissions, object permissions, and field permissions granted through profiles, as well as organization-wide sharing settings and sharing rules

3. Salesforce Optimizer

Salesforce Optimizer gives you detailed data for over 50 metrics covering storage, fields, custom code, custom layouts for objects, reports, dashboards, etc. Run Salesforce Optimizer in sandbox or production to get recommendations for feature improvement, clean up customizations, reduce complexity, and drive feature adoption..

Salesforce Optimizer Report

Salesforce Optimizer Report gives you a personalized report with advice and recommendations about improving your implementation. Salesforce Optimizer analyzes your implementation to find ways to simplify customizations and drive feature adoption.

Consider running Salesforce Optimizer as part of your monthly maintenance before installing a new app, before each Salesforce release, or at least once a quarter. Learn more here.

4. Salesforce Accelerator

The Salesforce Accelerator tool is available on demand. It allows users who face technical issues in their Salesforce instance to get individualized technical support on demand. This expert guidance will then help you figure out your Salesforce org issues and solve them. Once you run a health check using a Salesforce Accelerator, you will get a list of issues and recommendations for fixing them.

The Salesforce Accelerator tool is available to organizations as part of a Salesforce Premier Success Plan. You need to submit a request for a Salesforce Accelerator on the Help and Training portal, and you will get in touch with certified specialists.

5. Manual Org Assessment

If you don’t prefer tools, you can always conduct a manual org assessment to analyze the health of your Salesforce Org. But be mindful that there needs to be a method to your madness. You cannot directly go into the Salesforce system, hunt down specific issues, and resolve them immediately. It’s best to follow a pattern while doing so.

Manual Org Assessment Report

You can start preparing your org assessment report with the link below:

• Points to consider for Assessment:
  • Data Storage considerations
  • License Usages 
  • Workflows v/s Triggers Implementation
  • Batch Classes and Scheduler per object
  • Custom setting/ Metadata configuration for controlling Triggers.
  • Standard vs Custom Development
  • Record and ownership skews
• Categorizing the issue based on Priority and Complexity
  • Quick Fixes
  • Workarounds.
• Providing Recommendations for Customers.
  • Configuration changes
  • Usage Guidelines
  • System Limitations

6. Security Center

The Security Center gives you a single view of your security, privacy, and governance posture across your Salesforce org and tenants. Use the app to review up-to-date health check scores, access settings, and user and login metrics in one easy-to-read interface.

Security Center helps to manage securities within Salesforce easily. It can help to trace any security or policy violations done by internal actors. Its Pillars are:

• Simplify Security Management: Simplify multi-org security management and boost admin productivity by managing all your security controls in a single view.
• Gain Visibility for Better Insights: View Critical metrics across all Organizations together and make better decisions.
• Threat and Anomalies detection: Helps to identify and surface unknown threats using AI and ML with Threat Detection.

Salesforce Security Center Overview Video

Security Center Dashboard

The Salesforce Security Center dashboard provides a Summary, and category dashboards provide high-level snapshots of your data for simplified auditing. You can see up to 6 months’ data in easy-to-read dashboards and graphs. It presents data in the below category:

• Authentication
• Configuration
• Permissions
• User

Learn more about the Salesforce Security Center tool here.

Auditing Tools in Salesforce

Let’s talk about Auditing tools available in Salesforce.

7. Login History

When we talk about auditing, login history comes to mind every first time. The Login History tool shows all login attempts to your Salesforce org and Experience Cloud sites. The Login History report page shows up to 20,000 records of user logins for the past six months.

8. View Setup Audit Trail

With the help of  View Setup Audit Trail, we can check any metadata change performed by Users in our org.

9. System Overview

If you want to see the high-level System details, then the System overview is the best tool for you. System Overview provides you with a summary of key usage data for your org. The system overview page shows usage data and limits for your organization and displays messages when you reach 95% of your limit.

To access the system overview page, enter System Overview in the Quick Find box from Setup, then select System Overview.

10. Field History Tracking

So far, we have learned how to audit login, configuration changes, and overall system limits. But what about data? If you want to audit when the data changed, who changed the data, and what the old value was, then Field history tracking is your best friend.

You can select certain fields to track and display the field history in the History-related list of an object. Field history tracking data doesn’t count against your data storage limits.

11. Lightning Usage App

The Lightning Usage App allows you to monitor adoption metrics, such as daily active users and the most visited pages in Lightning Experience. You can also track the number of your active licenses. These insights help you understand your users’ needs so that you can focus on the issues that really matter.

12. Apex Exception Emails

Set the email addresses that receive notifications when your Apex code encounters unhandled exceptions. Emails can be sent to your Salesforce org’s users and to external email addresses

When unhandled Apex exceptions occur, emails are sent that includes the Apex stack trace, exception message, and the customer’s org and user ID. No other data is returned with the report. Unhandled exception emails are sent by default to the developer specified in the LastModifiedBy field on the failing class or trigger.

13. Debug Logs

A debug log records database operations, system processes, and errors occurring when executing a transaction or running unit tests. The system generates a debug log for a user every time that user executes a transaction and the user has a trace flag with start and expiration dates that contain the transaction’s start time. You can monitor and retain debug logs for the users specified below

Monitoring Tools in Salesforce

Let’s see which all monitoring tools we have in Salesforce

14. Event Monitoring

Use event monitoring to discover insights into your Salesforce org to help keep your data secure. It lets you see the granular details of user activity in your organization. You can view information about individual events or track trends in events to Swifty identify abnormal behavior and safeguard your company’s data.

Learn about Shield Platform Encryption from our session.

15. Transaction Security Policy

Using the Transaction Security Policy, you can define events to monitor and take action when that event happens. You can use Real-Time Events in Transaction Security to enforce policies in near real-time. When a policy is triggered, notifications are sent through email or in-app notifications.

What can we do with Transaction Security?

• Alert that notifies when someone runs reports containing sensitive data
• Alert for exporting reports with more than a thousand records
• make sure no one is using an unsupported browser

NOTE: To use Transaction Security, you have first to purchase a Salesforce Shield or Salesforce Shield Event Monitoring add-on subscription.

16. API Usage Notification

With the API Usage Notification tool, we can define the API usage threshold and get notified when it is exceeded. When you create a request usage notification, you specify a user to receive an email notification whenever your org exceeds a specified limit for the number of API requests made in a specified span of time.

Code Scanning Tools in Salesforce

What about custom code? Let’s see which tools are available for code scanning.

17. Force.com Code Scanner

Checkmark Apex Code Scanner is a tool that Salesforce powers. It runs a security scan on your Salesforce org and gives a detailed risk report based on your code quality and security. It identifies every loophole in your apex code and checks if it aligns with Salesforce best practices.

Advantages

• Free with limitations but paid version is also there.
• Scans through each and every line of your code in your Salesforce org.
• Reduces the chance of an array of bugs before the next upgrade

18. Apex PMD

PMD is a well-known source code analyzer for Java and many more languages. Salesforce joined with open-source developers to create this powerful tool, Apex PMD, which supports the Apex language. It finds common programming flaws like unused variables and empty catch blocks. It will allow us better quality and avoid maintenance, performance, and bug problems in our Apex code.

Advantages

• It’s free and open source
• You can define your own custom rules

19. Custom Error Handling and logging framework

Debugging in Salesforce has its challenges. Sometimes, there might be an Apex error email with a stack trace, but this typically just points at a location without telling the support person anything about the context of the error. What were the arguments passed into this method? What did those queries return? Nobody knows.

Build a custom error handling and logging framework to monitor the apex class code.

Summary

I hope this list of Monitoring and auditing Tools in Salesforce will help you keep your sales org healthy. Let us know which tool you like and use in your project.