Skip to main content
Skip table of contents

Salesforce Audit Beat

Version 6.0.0

The Salesforce Audit Beat allows security admin users to view various events and logs collected from Salesforce.

Using the Salesforce Audit Beat, you can collect logs from the following data sources using the Open Collector:

  1. Audit Trail logs

  2. Login History logs

  3. Event Logs via EventLogFile

This beat decouples the collection logic for the Salesforce Audit log source from the System Monitor agent, allowing the beat to be updated independently. This not only streamlines configuration by moving it into the Web Console but also fundamentally improves the update process.

Notice of License Requirement and Query Test

License Requirement

In order to collect Audit Trail, Login History, or Event Logs via the Salesforce Audit beat, you must have:

  • One of the following Salesforce editions: Enterprise, Unlimited, or Developer.

  • Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.

Query Test

During collection of Salesforce Audit logs, multiple fields are queried that are present when the correct licenses are active. Run the following query and check if the sequence and interval fields are present. If not, verify that the licensing requirements described above are met.

CODE 
select Fields(All) from EventlogFile  where sequence >= 0 limit 200

Contents

Configure the Salesforce Portal
Initialize the Salesforce Audit Beat
Configure the Salesforce Audit Beat Log Source in the SIEM

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close