Secure your vital business data by identifying when a report is exported from Salesforce to an unmonitored endpoint or device. Connect Code42 to Salesforce to collect data each time a report is exported from your business records and downloaded to either a corporate or a personal device. When reports are downloaded to personal devices that are not monitored by Incydr, Code42 shows information about that activity in dashboards, profiles, and alerts in the Code42 console for further investigation. You can then use Forensic Search to identify the data contained in those exported reports and prevent loss.
Code42 automatically filters out information about reports exported to devices that are monitored by Incydr. However, you can use Forensic Search to identify all report export events to both monitored and unmonitored devices.
This article provides an overview of the Code42 Salesforce data connection and how information flows into Forensic Search when a report is exported from your business data. For more information about authorizing the connection, see Connect Code42 to Salesforce.
Set up the connection to Salesforce
Before you can set up Code42's connection to Salesforce, you need to verify that you have the required licensing and add-on subscriptions. Setting up the connection requires some configuration in Salesforce first; you then authorize the connection in the Code42 console.
Verify your Salesforce licensing
To connect Code42 to your Salesforce environment, you must have both one of the required editions and one of the required add-on subscriptions. See Vendor license requirements for Code42 data connections for details.
Connect Code42 to Salesforce
To connect Code42 to your Salesforce environment to monitor for exported reports, complete these steps:
- Configure your organization and environment in Salesforce. This configuration requires that you:
  - Verify that streaming of the required events is enabled in the Salesforce Event Manager for your organization. Code42 requires that certain events are selected in order to collect data about the reports your users export.
  - Create a new custom profile in Salesforce, or update an existing profile that you use for service accounts. This custom profile contains the permissions needed for the Code42 service account user to connect to your Salesforce environment via API calls.
  - Create a new user in Salesforce for the Code42 connection. This new user (along with the new profile) helps secure your Salesforce environment by limiting Code42's access to API calls only, more clearly identifying activity generated by that service user, and avoiding disruptions to business workflows.
- Authorize Code42's connection to your Salesforce environment. After the connection is authorized, Code42 begins monitoring your environment for any reports exported from Salesforce by the users you added who have the "Report export" permission.
Generate and export reports in Salesforce
Users in Salesforce can generate the following types of reports:
- Saved reports have previously been set up and saved in Salesforce either by that user, another user, or an administrator. To generate a saved report, the user simply clicks the report name in the list. You can access saved reports directly in Salesforce using their report IDs in order to see the data they contain.
- Ad hoc reports are temporary reports that users set up and generate "on the spot" from any data available to them in the Salesforce Report Builder. The criteria used to build the report (and the report itself) are discarded when the user closes the Report Builder. Because the report is temporary and none of its criteria are saved, ad hoc reports need to be recreated in order to see what data they may have contained. You can use the information available in Forensic Search to recreate these reports.
Remember that the data that users in Salesforce can access and include in reports is governed by the permissions in their associated profile. In order to accurately determine what data an exported report contained, log in to Salesforce as a user with a similar profile and permissions.
To export a report from Salesforce:
- Select Export from the actions menu in the upper-right corner of either the report viewer or Report Builder screens.
- Select the Export View you want to use in the report: Formatted Report or Details Only.
  The Formatted Report export view is available only for saved reports.
- Select the Format in which to save the report:
  - Formatted Reports can only be exported in XLSX format.
  - Details Only reports can be saved in XLS, XLSX, or CSV formats. If you export the report to an XLS or CSV format, select the Encoding to use to create the file.
- Click Export.
  Depending on browser settings, you may be prompted to enter a filename for the exported report.
Because Salesforce does not provide the filename of exported reports, Code42 predicts this filename based on the Format the user selects. This predicted filename may not exactly match the actual filename downloaded to the endpoint.
View exported report details in Incydr
When a user generates and exports a report from Salesforce, Code42 displays information about that activity throughout Incydr, such as on the Risk Exposure dashboard, on the All users list, in alert notifications, and in Forensic Search. For more information, see View downloaded Salesforce report activity in Incydr.