Ruth and Cloudy having a picnic next to text that says "Learn MOAR: #5 Event Monitoring."

Learn MOAR in Spring ’22 with Event Monitoring


Follow and complete a Learn MOAR Spring ’22 trailmix for admins or developers by March 31, 2022, 11:59 p.m. PT, to earn a special community badge and enter for a chance to win one of five $200 USD Salesforce Certification vouchers. Learn how to participate and review the Official Rules by visiting the Trailhead Quests page.

What is Event Monitoring?

Event Monitoring, available with Salesforce Shield or as a Salesforce add-on product, provides more than 70 different events that can help you keep your data secure, improve application performance, and understand product adoption. It allows you to see details of user activity in your org or events. Event Monitoring includes Event Log Files, Real-Time Event Monitoring, Threat Detection, and Transaction Security. To learn more about this product, check out the Event Monitoring, Real-Time Event Monitoring, and Event Monitoring Analytics App Trailhead modules.

Let’s dive into the Event Monitoring highlights from the Spring ’22 Release!

Provide event, org, and policy-specific information in custom Transaction Security email notifications

Transaction Security is one of the most powerful tools in Salesforce. This is because of its ability to create custom security policies that block users from carrying out potentially malicious actions and then notify a member on your team about the related event. In Spring ’22, the Event Monitoring team is thrilled to announce that one of the most powerful features in Salesforce just got even more powerful by introducing custom email notifications in Transaction Security. With this new feature, you can provide email notification recipients with important context related to your org, the policy, and the event that triggered the policy. Use this feature to direct your teams to take specific actions, and include hand-selected event data that gives teams a head start on their follow-up tasks.

A custom Transaction Security email notification.

Use Flow with Threat Detection platform events to automate responses to threats

Another exciting, new Event Monitoring capability to take advantage of is the ability to create platform event-triggered flows based on Threat Detection platform events. This means you can automate robust threat responses with flows based on Session Hijacking Events, Anomalous Report Events, Anomalous API Events, and Credential Stuffing Events. Automation that you can take advantage of includes creating records, sending emails to security teams that might be outside of Salesforce, resetting user passwords, and much, much more!

A platform event-triggered flow that fires off a Report Anomaly Event to create a new security case.

Manage critical permissions in your org with the permission set event in Transaction Security Policies

As someone who used to manage security and controls for Salesforce at a large bank, I (Cheryl Feldman) know how concerning it can be when you want others to manage permission sets—but with that access, they can add any permission to that permission set. Well, that has changed. With the permission set event for Transaction Security Policies in open beta, you can prevent or alert on any one of 14 critical permissions that are added or removed from a permission set or when a user is assigned or unassigned a permission set that contains these permissions. For the first time, we’re giving #AwesomeAdmins more control over managing permissions in your org!

Transaction policy screen that will monitor a permission set that contains Modify All Data.

Give these Event Monitoring enhancements a test drive in your org and let Product Managers Cheryl Feldman and Trevor Scott know what you think! Reach out to them on the Trailblazer Community or on Twitter at @CherFeldman or @tm_scott, respectively.

Don’t forget to watch the Spring ’22 Admin Preview on February 4 during Release Readiness Live to see demos of a subset of these new, exciting features. And be sure to check out the Learn MOAR Spring ’22 for Admins Trailmix and follow along on the blog this week for more Learn MOAR!

More Learn MOAR

Introducing Files and Attachments Backup in Salesforce Backup.

Introducing Files and Attachments Backup in Salesforce Backup | Spring ’24

What is Salesforce Backup? Salesforce Backup is our native backup and restore solution designed to safeguard customers’ valuable data. Geared for user-friendly operation, Salesforce Backup automatically creates backup copies of business data, empowering organizations to effortlessly restore data and recover from even the most challenging scenarios. With the Spring ’24 Release, we’re thrilled to announce […]

Introducing Salesforce Backup.

Introducing Salesforce Backup: Your Data’s Safety Net

What is Salesforce Backup? On August 15, Salesforce announced the general availability of Salesforce Backup, a native backup and restore solution designed to safeguard customers’ valuable data. Built with ease of use in mind, Salesforce Backup automatically creates backup copies of business data, empowering any organization to restore data and recover from even the worst-case […]

Permissions Updates

Permissions Updates | Learn MOAR Spring ’23

Author’s note: You likely noticed that the official announcement about the End of Life (EOL) of permissions on profiles was never sent out. We’ve decided to no longer enforce the End of Life of permissions on profiles for Spring ’26. We realized, thanks to all the Awesome Admin feedback we’ve received, that we first have […]