
Monitor Threats Using the ‘Threat Detection’ App in Salesforce


Introduction:

Security testing is one of the non-functional testing methods. It is performed to find flaws or vulnerabilities in the security mechanism of a system. Ensuring that the application is secure and fixing any security lapses are therefore very important.

Security Testing with Salesforce:

Salesforce already has its own security mechanisms to protect users’ confidential data and their applications. Based on the business need, we can also add our own security features on top of them. To do security testing of a Salesforce application, we need to raise a case with the Salesforce team. Security testing is also needed if a custom application exceeds the Salesforce limits or skips the standard guidelines suggested by Salesforce.

Threat Detection Events in Salesforce:

The Threat Detection app is already available in Salesforce. It can be used to view all threats detected in the Salesforce instance. Threats include session hijacking attempts, credential stuffing, and reports that deviate from the standards. Using the same app, we can easily provide feedback about the severity of a specific threat.

Steps to make the App visible and Provide Feedback:

Step 1: Enable streaming and storage using ‘Event Manager’ for these three Threat Detection events, namely Report Anomaly Event, Session Hijacking Event, and Credential Stuffing Event.

Step 2: Create a Permission Set with the License as Salesforce.

Step 3: Enable ‘View Threat Detection Events’ in the System Permissions of your Permission Set.

Step 4: Assign the Permission Set to the user who monitors the Threat Detection app. Salesforce recommends creating a specific profile for security administrators who are responsible for managing threat detections.

Step 5: Edit the Tab Settings of each user profile that uses the Threat Detection app and set the visibility of these four tabs, namely Report Anomaly Event Store, Session Hijacking Event Store, Credential Stuffing Event Store, and Threat Detection Feedback, to ‘Default On’. If you do not want standard users to view feedback, set the visibility of Threat Detection Feedback for the Standard User profile to ‘Tab Hidden’.

Step 6: In Setup, navigate to the Lightning Experience App Manager by entering App Manager in the quick search box.

Step 7: Edit the Threat Detection app by clicking ‘Edit’ in the drop-down box to the right of the app.

Step 8: Select the profiles for which the Threat Detection app should be visible.

Step 9: Save the changes. Now, the Threat Detection app will be visible to the selected users.

Step 10: To view the events and provide feedback, click Threat Detection from the App Launcher.

Step 11: Now, the records for all the events are displayed in their respective objects: Report Anomaly Event Store, Session Hijacking Event Store, and Credential Stuffing Event Store.

Step 12: Open any record by clicking its link. Information such as the event date, score, and a summary of the event is displayed. Click ‘Related’ to view the feedback associated with the record.

Step 13: To provide feedback about the specific detected threat, click ‘Provide Feedback’ and describe whether it is malicious, suspicious, or unknown.

If you discover a security breach or event in your systems, the first thing to do is investigate the relevant fields of the event to get basic information about the attack, such as the date the event occurred, the user ID, and the summary of the event.
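As an added example (not Salesforce's or this article's own code), the sketch below shows that first investigation pass over records exported from the three event stores: it groups events by user and lists first the users who appear in more than one store. The field names (`EventDate`, `UserId`, `Score`, `Summary`), the `store` key, the timestamp format, and the sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

SF_DATETIME = "%Y-%m-%dT%H:%M:%S.%f%z"  # assumed timestamp format of the export

# Constructed sample rows, one dict per exported record. "store" and the field
# names are assumptions based on the fields the article names.
SAMPLE_EXPORT = [
    {"store": "CredentialStuffingEventStore", "EventDate": "2024-03-02T09:58:10.000+0000",
     "UserId": "005EXAMPLE000001", "Score": 1.0, "Summary": "Login matched credential stuffing pattern"},
    {"store": "SessionHijackingEventStore", "EventDate": "2024-03-02T10:15:42.000+0000",
     "UserId": "005EXAMPLE000001", "Score": 12.5, "Summary": "Browser fingerprint changed mid-session"},
    {"store": "ReportAnomalyEventStore", "EventDate": "2024-03-01T17:30:00.000+0000",
     "UserId": "005EXAMPLE000002", "Score": 88.0, "Summary": "Report exported far more rows than usual"},
    {"store": "ReportAnomalyEventStore", "EventDate": "2024-03-01T18:00:00.000+0000",
     "UserId": None, "Score": 40.0, "Summary": "Row with no user id"},
]

def triage(records):
    """Return (per-user summaries ordered for review, rows that could not be attributed)."""
    by_user, skipped = defaultdict(list), []
    for rec in records:
        # A row without a user id or date cannot be placed on a user timeline.
        if not rec.get("UserId") or not rec.get("EventDate"):
            skipped.append(rec)
            continue
        when = datetime.strptime(rec["EventDate"], SF_DATETIME)
        by_user[rec["UserId"]].append((when, rec))
    summaries = []
    for user_id, events in by_user.items():
        events.sort(key=lambda e: e[0])  # chronological order per user
        summaries.append({
            "user_id": user_id,
            "first_seen": events[0][0],
            "last_seen": events[-1][0],
            "stores": sorted({r["store"] for _, r in events}),
            "max_score": max(float(r.get("Score") or 0) for _, r in events),
            "summaries": [r.get("Summary", "") for _, r in events],
        })
    # Users seen in several event stores first; score (taken as exported, and
    # not assumed comparable between stores) only breaks ties.
    summaries.sort(key=lambda s: (-len(s["stores"]), -s["max_score"]))
    return summaries, skipped

if __name__ == "__main__":
    for s in triage(SAMPLE_EXPORT)[0]:
        print(s["user_id"], s["stores"], s["first_seen"].isoformat(), s["summaries"])
```

Rows returned in the second element have no user ID or date and need to be looked up by hand in the app.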

Conclusion:

Thus, the Threat Detection app in Salesforce helps the administrator monitor the security of the organization. Also, with the help of reports, security flaws in the organization can be identified and resolved on time.