
Salesforce Service Event Tracking

by Cody Dumont
February 3, 2016


As more and more services move to the cloud, security professionals must become more vigilant in monitoring usage and tracking access.  SecurityCenter Continuous View (CV) users have a new tool in their arsenal: the LCE Web Query Client. The new LCE Web Query Client can monitor Salesforce cloud services, and this dashboard assembles the data in a fashion that is easy to read and understand.

The LCE Web Query Client is used to request event data from RESTful web services. The logs returned from queries are stored and normalized in LCE, allowing the information to be searchable in SecurityCenter CV. The process to configure the LCE Web Query Client begins with supplying API configuration details to the agent for the Salesforce services.  The agent is then directed to send logs to LCE.  The resulting events have the prefix of “Salesforce.”

The Salesforce events mostly concern user access and account changes.  The organization can track the user, the IP address the user connected from, and whether the credentials were valid or not.  This information allows the organization to understand the usage of Salesforce and monitor for unauthorized access attempts.

The dashboard is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the SecurityCenter Feed under the category Monitoring. The dashboard requirements are:

  • SecurityCenter 5.2.0
  • LCE 4.6.1
  • LCE Web Query Client

Tenable covers all types of users and services, regardless of location, providing continuous monitoring for the new IT landscape. SecurityCenter Continuous View (CV) allows for the most comprehensive and integrated view of network health. Log Correlation Engine (LCE) provides tight integration with SIEMs, log management tools, malware defenses, the PVS network sensor, NetFlow, BYOD, firewalls, web, authentication systems and cloud services. LCE also provides deep event inspection to continuously discover and track users, applications, cloud infrastructure, trust relationships, and vulnerabilities.

Components

Salesforce Events - Events Detected over 7 Days: This matrix provides indicators for each of the Salesforce events monitored.  The LCE Web Query Client has the ability to detect three events using the RESTful API.  Each cell in the indicator uses a saved query for each event.  An indicator turns purple when matching logs are detected.

Salesforce Events - Event Vulnerability Summary: This chart provides a summary of the event-based vulnerabilities discovered from event correlation.  The component will display the top ten vulnerabilities, with the plugin IDs in the description matrix to the left of the chart.

Salesforce Events - Accessed From: This table provides the source IP address extracted from the Salesforce events.  The table is sorted based on event count and displays the source IP address, LCE reporting the event, and number of events detected.  The IP addresses on the list should remain relatively the same; when new or uncommon IP addresses appear on the list, their events should be reviewed to determine whether or not they are authorized.

Salesforce Events - User Summary: This table provides a list of user accounts that have logged into Salesforce.  LCE has the ability to extract usernames and provide a brief history of events for each.  The table shows the user, event count, and trend chart.  If the users are marked as unknown, there could be an issue parsing the username from the logs.  Check the “Valid Username Characters” setting in the LCE configuration and increase the value if needed.
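
The review described for the Accessed From table (flagging source IP addresses that are new or uncommon) can also be scripted against exported events. The following is an added example, not part of the dashboard or of LCE; the record fields `user`, `src_ip` and `valid` and the sample events are constructed for illustration.

```python
from collections import Counter, defaultdict

def ev(user, src_ip, valid=True):
    # Hypothetical record shape, not the LCE or Salesforce schema.
    return {"user": user, "src_ip": src_ip, "valid": valid}

# Constructed sample data: an earlier baseline window and the current window.
BASELINE = ([ev("alice", "198.51.100.10")] * 3
            + [ev("bob", "198.51.100.11")] * 2
            + [ev("alice", "203.0.113.7")])
CURRENT = [
    ev("alice", "198.51.100.10"),
    ev("alice", "203.0.113.7"),
    ev("bob", "192.0.2.44", valid=False),
    ev("carol", "192.0.2.44", valid=False),
    ev("bob", "192.0.2.44"),
]

def review_sources(baseline, current, uncommon_max=1):
    """Return source IPs in `current` that are new or uncommon.

    "new": never seen in the baseline window.
    "uncommon": seen there at most `uncommon_max` times.
    """
    seen = Counter(e["src_ip"] for e in baseline)
    per_ip = defaultdict(lambda: {"events": 0, "failed": 0, "users": set()})
    for e in current:
        stats = per_ip[e["src_ip"]]
        stats["events"] += 1
        stats["failed"] += 0 if e["valid"] else 1
        stats["users"].add(e["user"])
    findings = []
    for ip, stats in per_ip.items():
        count = seen.get(ip, 0)
        if count > uncommon_max:
            continue  # established source, nothing to review
        findings.append({
            "src_ip": ip,
            "status": "new" if count == 0 else "uncommon",
            "events": stats["events"],
            "failed": stats["failed"],
            "users": sorted(stats["users"]),
        })
    # Sources with invalid-credential events first, then by event count.
    findings.sort(key=lambda f: (-f["failed"], -f["events"], f["src_ip"]))
    return findings

if __name__ == "__main__":
    for finding in review_sources(BASELINE, CURRENT):
        print(finding)
```

Sources with failed credential checks sort first, so an unfamiliar address trying several accounts is the first row an analyst sees.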
