Change Monitoring

Overview and How It Works

Change Monitoring in AutoRABIT Guard provides an enhanced, comprehensive audit trail for your Salesforce org. Built on top of Salesforce’s native Setup Audit Trail, Change Monitoring significantly improves visibility and accountability for changes made in the production environment. Whether changes occur directly in Salesforce, through AutoRABIT deployments, or via other methods, Change Monitoring captures them, organizes them, and presents them in an accessible and actionable way.

With Change Monitoring, you can ensure complete visibility into every change made in your Salesforce org, making it an invaluable tool for security, governance, and compliance.

Features of Change Monitoring

Executive View

The Executive View in Change Monitoring provides a high-level dashboard for at-a-glance viewing:

Summarizes all changes made in the last 7 days, categorized by type (e.g., custom code, configuration changes).
Offers a quick snapshot of recent activity—ideal for executives and managers who need to monitor trends without delving into the details.
Ensures teams can quickly identify high-level patterns and address critical areas as needed.

Detail View

For a more granular analysis, the Detail View presents a table of all changes with advanced filtering capabilities. It includes important metadata such as:

Changed at: Timestamp of the change.
Metadata Type: Type of Salesforce component affected (e.g., Apex class, custom object).
Record Name: The specific item that was changed.
Change Type: Indicates whether the change was an addition, modification, or deletion.
Changed By: The user responsible for the change.
Change Category: Groups changes into logical categories (e.g., back-end code, security).

This level of detail enables users to fully investigate specific changes and identify patterns or issues in their Salesforce org.

Smart Filtering

Smart Filtering allows users to filter changes by:

Who: Identify and track which users made changes.
When: Focus on changes within a specific date or time range.
What Type: Narrow down metadata changes by component, like Apex classes, flows, or profiles.

This feature helps teams quickly pinpoint the exact changes they need to focus on, whether it's for audits, troubleshooting, or general monitoring.

Enhanced Visibility

Change Monitoring provides enhanced visibility into changes from multiple sources, including:

Direct edits in production.
Changes deployed via AutoRABIT.
Other deployment or modification methods.

This ensures that every change, regardless of its origin, is captured and tracked with full context, allowing teams to investigate unexpected or unauthorized changes quickly.

Benefits of Change Monitoring

Complete Audit Trail

Gain full visibility into every modification in your org, ensuring transparency and accountability.

Streamlined Investigations

Use advanced filters to quickly pinpoint specific changes, saving time during audits or troubleshooting sessions.

Improved Governance

Ensure compliance with internal policies and external regulations by keeping a detailed log of all modifications made in your org.

Enhanced Collaboration

Help developers, admins, and security teams stay aligned by providing a single source of truth for all changes.

How Change Monitoring Works

Change Monitoring builds upon the Salesforce Setup Audit Trail by using the Tooling API to retrieve the full log, which contains up to six months of historical data. However, where Salesforce's native audit trail offers only basic information, Change Monitoring enriches this data to provide deeper insights.

Tracking Changes

Change Monitoring tracks changes using the SetupAuditTrail object and retrieves all relevant data available via this API. The data is processed to convert simple string representations of changes into more complex, structured objects.

For example, the Salesforce raw data for a change might look like this:

Salesforce Raw Event: "Changed permission set Admin : Account Perms: AccountOwnership Apex class access was enabled."

Change Monitoring enhances this raw event into a detailed object like this:

This enriched event provides:

Context: Who made the change, when it was made, and which component was affected.
Detailed Impact: What specifically was modified, e.g., access permissions, profile settings.
Risk Level: An assigned risk level, which categorizes the change by its security impact.

Event Parsing and Categorization

When a change is captured, it undergoes transformation:

Regex-based parsing of raw data.
Real-time Salesforce queries to gather additional metadata details.
Categorization based on predefined change types, e.g., profile modifications, security changes.

This detailed parsing and categorization process allows teams to perform a deep analysis of changes that could have security implications.

Tracking Supported Events

Change Monitoring enhances and tracks events related to various Salesforce components. Currently, the following metadata types are supported:

[

'GlobalValueSet',

'QueueRoutingConfig',

'StaticResource',

'ApexPage',

'CustomTab',

'CompactLayout',

'Group',

'WorkflowTask',

'WorkflowRule',

'WorkflowAlert',

'ApprovalProcess',

'PasswordPolicy',

'DataCategoryAccess',

'SharingGuestRule',

'SharingCriteriaRule',

'SharingOwnerRule',

'Role',

'WebLink',

'CustomPermission',

'PermissionSet',

'QuickAction',

'RecordType',

'Queue',

'WorkflowFieldUpdate',

'FlexiPage',

'FieldSet',

'CustomObject',

'ValidationRule',

'LightningComponentBundle',

'Profile',

'AuraDefinitionBundle',

'CustomMetadata',

'User',

'PermissionSetAssignment',

'ProfileSessionSetting',

'CustomField',

'ApexClass',

'ApexTrigger',

'Flow',

'Layout',

'ProfilePasswordPolicy',

'ExternalCredential',

'RemoteSiteSetting',

'NamedCredential',

'AuthProvider',

'ExternalDataSource'

]

Not All Events Are Parsed: While Change Monitoring tracks a wide variety of changes, only certain events are parsed into rich objects. Others are logged and stored but not parsed into detailed objects. Users can view these unparsed events in the “Other” tab.

Data Retention and Refresh

Data Retention: Change Monitoring can store up to one year of historical data, far more than the six-month limit imposed by Salesforce's native audit trail.
Refresh Rate: The audit trail is refreshed every five minutes, meaning changes made in Salesforce are captured in near real time. Users can also manually trigger a refresh.

Email Notifications

Change Monitoring includes customizable email notifications to ensure you stay informed when significant changes occur. You can define specific criteria for notifications, such as:

Profile Creation: Get notified when a new profile is created.
Apex Class Modification: Stay informed about changes to code or components that could impact your org’s security posture.

When a change matches your defined criteria, Change Monitoring sends an email alert, summarizing:

What Changed: Metadata type and record name.
When: The timestamp of the change.
Who: The user who made the change.
Category: The category of the change (e.g., profile changes, Apex class modifications).

PreviousPermissions Explorer NextPolicies

Last updated 1 month ago

Was this helpful?

Change Monitoring

Overview and How It Works

With Change Monitoring, you can ensure complete visibility into every change made in your Salesforce org, making it an invaluable tool for security, governance, and compliance.

Features of Change Monitoring

Executive View

The Executive View in Change Monitoring provides a high-level dashboard for at-a-glance viewing:

Summarizes all changes made in the last 7 days, categorized by type (e.g., custom code, configuration changes).
Offers a quick snapshot of recent activity—ideal for executives and managers who need to monitor trends without delving into the details.
Ensures teams can quickly identify high-level patterns and address critical areas as needed.

Detail View

For a more granular analysis, the Detail View presents a table of all changes with advanced filtering capabilities. It includes important metadata such as:

Changed at: Timestamp of the change.
Metadata Type: Type of Salesforce component affected (e.g., Apex class, custom object).
Record Name: The specific item that was changed.
Change Type: Indicates whether the change was an addition, modification, or deletion.
Changed By: The user responsible for the change.
Change Category: Groups changes into logical categories (e.g., back-end code, security).

This level of detail enables users to fully investigate specific changes and identify patterns or issues in their Salesforce org.

Smart Filtering

Smart Filtering allows users to filter changes by:

Who: Identify and track which users made changes.
When: Focus on changes within a specific date or time range.
What Type: Narrow down metadata changes by component, like Apex classes, flows, or profiles.

This feature helps teams quickly pinpoint the exact changes they need to focus on, whether it's for audits, troubleshooting, or general monitoring.

Enhanced Visibility

Change Monitoring provides enhanced visibility into changes from multiple sources, including:

Direct edits in production.
Changes deployed via AutoRABIT.
Other deployment or modification methods.

This ensures that every change, regardless of its origin, is captured and tracked with full context, allowing teams to investigate unexpected or unauthorized changes quickly.

Benefits of Change Monitoring

Complete Audit Trail

Gain full visibility into every modification in your org, ensuring transparency and accountability.

Streamlined Investigations

Use advanced filters to quickly pinpoint specific changes, saving time during audits or troubleshooting sessions.

Improved Governance

Ensure compliance with internal policies and external regulations by keeping a detailed log of all modifications made in your org.

Enhanced Collaboration

Help developers, admins, and security teams stay aligned by providing a single source of truth for all changes.

How Change Monitoring Works

Tracking Changes

For example, the Salesforce raw data for a change might look like this:

Salesforce Raw Event: "Changed permission set Admin : Account Perms: AccountOwnership Apex class access was enabled."

Change Monitoring enhances this raw event into a detailed object like this:

{ "detail": "Changed permission set Admin : Account Perms: AccountOwnership Apex class access was enabled", "login": "", "auditTrailId": "0YmWy000004AydKKAS", "date": "2024-10-10T09:30:47.000+0000", "error": "", "eventKey": "SetupEntityAccessAudit_PermissionSet_ApexClass_Enabled", "recordName": "Admin_Account_Perms", "propertyModified": "classAccesses", "subPropertyModified": "AccountOwnership", "beforeValue": "disabled", "afterValue": "enabled", "changeCategory": "Attribute-Based Access Control (ABAC)", "recordId": "0PSWy000000TnN7OAK", "metadataType": "PermissionSet", "operationType": "MODIFIED", "isMetadata": true, "riskLevel": "High Risk" }

This enriched event provides:

Context: Who made the change, when it was made, and which component was affected.
Detailed Impact: What specifically was modified, e.g., access permissions, profile settings.
Risk Level: An assigned risk level, which categorizes the change by its security impact.

Event Parsing and Categorization

When a change is captured, it undergoes transformation:

Regex-based parsing of raw data.
Real-time Salesforce queries to gather additional metadata details.
Categorization based on predefined change types, e.g., profile modifications, security changes.

This detailed parsing and categorization process allows teams to perform a deep analysis of changes that could have security implications.

Tracking Supported Events

Change Monitoring enhances and tracks events related to various Salesforce components. Currently, the following metadata types are supported:

[

'GlobalValueSet',

'QueueRoutingConfig',

'StaticResource',

'ApexPage',

'CustomTab',

'CompactLayout',

'Group',

'WorkflowTask',

'WorkflowRule',

'WorkflowAlert',

'ApprovalProcess',

'PasswordPolicy',

'DataCategoryAccess',

'SharingGuestRule',

'SharingCriteriaRule',

'SharingOwnerRule',

'Role',

'WebLink',

'CustomPermission',

'PermissionSet',

'QuickAction',

'RecordType',

'Queue',

'WorkflowFieldUpdate',

'FlexiPage',

'FieldSet',

'CustomObject',

'ValidationRule',

'LightningComponentBundle',

'Profile',

'AuraDefinitionBundle',

'CustomMetadata',

'User',

'PermissionSetAssignment',

'ProfileSessionSetting',

'CustomField',

'ApexClass',

'ApexTrigger',

'Flow',

'Layout',

'ProfilePasswordPolicy',

'ExternalCredential',

'RemoteSiteSetting',

'NamedCredential',

'AuthProvider',

'ExternalDataSource'

]

Data Retention and Refresh

Data Retention: Change Monitoring can store up to one year of historical data, far more than the six-month limit imposed by Salesforce's native audit trail.
Refresh Rate: The audit trail is refreshed every five minutes, meaning changes made in Salesforce are captured in near real time. Users can also manually trigger a refresh.

Email Notifications

Change Monitoring includes customizable email notifications to ensure you stay informed when significant changes occur. You can define specific criteria for notifications, such as:

Profile Creation: Get notified when a new profile is created.
Apex Class Modification: Stay informed about changes to code or components that could impact your org’s security posture.

When a change matches your defined criteria, Change Monitoring sends an email alert, summarizing:

What Changed: Metadata type and record name.
When: The timestamp of the change.
Who: The user who made the change.
Category: The category of the change (e.g., profile changes, Apex class modifications).

PreviousPermissions Explorer NextPolicies

Last updated 1 month ago

Was this helpful?