Begin Scanning a Salesforce App
To begin scanning a Salesforce app:
- Ensure that the Salesforce administrator account
you plan to use with the Aperture service has sufficient privileges.To configure the required permissions within Salesforce:
- Under Setup, select Manage UsersUsers.
- Select the administrative user account you plan to use to connect the Aperture service to Salesforce and then click System Permissions.
- Under System, enable the following
- API Enabled
- Manage Chatter Messages (required only if you use Chatter)
- Modify All Data
- View All Data
- Under Users, enable the following
- View All Users
- Manage Users (required only if you have not enabled User Sharing)
- Add the Salesforce app.
- From the Aperture Dashboard, Add a Cloud App.
- Select Salesforce.
- Choose the type of Salesforce application to add:
- Connect to Salesforce Account—Adds your Salesforce production account to the Aperture service.
- Connect to Salesforce Sandbox—Adds a Salesforce Sandbox account to the Aperture service. Sandboxes are special Salesforce accounts. They are maintained separately from your product account and useful for development, testing, and training.
- Log in to Salesforce.Upon successful authentication using an account with the appropriate privileges, the new Salesforce app is added to the list of Cloud Apps as Salesforce n, where n is the number of Salesforce app instances you have connected to the Aperture service. For example, if this is the second Salesforce app you have added to the Aperture service, the name displays as Salesforce 2.
- Give a descriptive name to this app instance.
- Select the Salesforce n link on the Cloud Apps list.
- (Optional) Enter a descriptive Name to differentiate this instance of Salesforce from other instances you are securing.
- Click Done to save your changes.
- (Optional) Tune the maximum number of API calls
allowed from the Aperture service to Salesforce.By default, the Aperture service can send a maximum of 10,000 API calls to Salesforce.
- Define global scan settings.
- Add policy rules.When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of your app to determine whether you want to Add a New Policy Rule for Content to look for risks unique to the new app.
- (Optional) Configure or edit a data pattern.When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
- Start scanning the new app for risks.
- Select SettingsCloud Apps & Scan Settings.
- In the Cloud Apps row that corresponds to the new
Salesforce app you just added, select ActionsStart Scanning.The status changes to Scanning. The Aperture service starts scanning all assets in the associated Salesforce app and begins identifying incidents. Depending on the number of Salesforce users and assets, it may take some time for the Aperture service to complete the process of discovering all assets and users. However, as soon as you begin to see this information populating in the Aperture web interface, you can begin to Assess Incidents.
- Monitor the results of the scan.As the Aperture service starts scanning files and matching them against enabled policy rules, Monitor Scan Results on the Dashboard to verify that your policy rules are effective.Monitoring the progress of the scan during the discovery phase allows you to Fine-Tune Policy to modify the match criteria and ensure better results.
Supported SaaS Applications
The Aperture service provides a consistent security policy for your SaaS applications to detect data exfiltration and malware propagation. ...
Add Cloud Apps to the Aperture Service
Add Cloud Apps to the Aperture Service To begin securing the Supported SaaS Applications The Aperture service provides a consistent security policy for your SaaS ...
Begin Scanning a Microsoft Exchange App
Use the Aperture service to scan and identify incidents found when scanning assets and email attachments in your MS Exchange app. ...
Begin Scanning a Box App
Begin Scanning a Box App If you plan to Begin Selective Scanning Using Azure Active Directory Groups Add your Azure Active Directory to Aperture to ...
Begin Scanning a Jive App
Begin Scanning a Jive App To begin scanning a Jive app: Add the Jive app. From the Aperture Dashboard , Add a Cloud App . ...
Begin Scanning a Cisco Webex Teams App
Begin Scanning a Cisco Webex Teams App The Aperture service scans messages and files shared on spaces within the Cisco Webex Teams app. To begin ...
Begin Scanning Microsoft Office 365 Apps
Begin Scanning Microsoft Office 365 Apps To begin scanning Microsoft Office 365 apps: Add company.onmicrosoft.com as an internal domain. See Define Your Internal Domains Add ...
Begin Scanning a Slack for Enterprise App
Begin Scanning a Slack for Enterprise App To begin scanning a Slack for Enterprise app: Enable the privileges required for communication between the Aperture service ...
Begin Scanning Citrix ShareFile Apps
Begin Scanning Citrix ShareFile Apps To begin scanning Citrix ShareFile apps: Add your Citrix fileshare domain(s) as an internal domain on the Aperture service. . ...