Begin Scanning a Salesforce App

To begin scanning a Salesforce app:
  1. Ensure that the Salesforce administrator account you plan to connect to Prisma SaaS has sufficient administrator privileges.
    To configure the required permissions within Salesforce:
    1. Under
      Setup
      , select
      Manage Users
      Users
      .
    2. Select the administrative user account and then click
      System Permissions
      .
    3. Under
      System
      , enable the following permissions:
      • API Enabled
      • Manage Chatter Messages
        (required only if you use Chatter)
      • Modify All Data
      • View All Data
    4. Under
      Users
      , enable the following permissions:
      • View All Users
      • Manage Users
        (required only if you have not enabled User Sharing)
  2. Add the Salesforce app to Prisma SaaS.
    1. From the Prisma SaaS
      Dashboard
      , click
      Add a Cloud App
      , and select
      Salesforce
      .
      salesforce-tile-frame.png
    2. Choose the type of Salesforce application:
      • Connect to Salesforce Account
        —Adds your Salesforce production account to Prisma SaaS.
      • Connect to Salesforce Sandbox
        —Adds your Salesforce Sandbox account to Prisma SaaS.
        Sandboxes
        are special Salesforce accounts that are maintained separately from your product account and are useful for development, testing, and training.
    3. Log in to Salesforce.
      After authentication, the new Salesforce app is added to the list of Cloud Apps as Salesforce 
      n,
      where
      n
      represents the number of Salesforce app instances you have connected to Prisma SaaS.
  3. (Optional)
    Give a descriptive name to the Salesforce instance.
    1. Click
      Settings
      and select the Salesforce 
      n
      listed.
    2. Enter a descriptive
      Name
      to differentiate this instance of Salesforce from other instances and click
      Done
      .
  4. (Optional)
    Adjust the maximum number of API calls allowed from Prisma SaaS to Salesforce.
    By default, Prisma SaaS can send a maximum of 10,000 API calls to Salesforce.
  5. Add policy rules.
    When you add a cloud app, Prisma SaaS automatically scans the app against the default data patterns and displays any match occurrences. As a best practice, consider the business use of your app to determine whether you want to Add a New Asset Rule to look for incidents unique to Salesforce.
  6. Configure or edit a data pattern.
    You can Configure Data Patterns (Basic DLP) to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
  7. Start scanning Salesforce for any possible policy violations or data exposure.
    1. Select
      Settings
      Cloud Apps & Scan Settings
      .
    2. In the Cloud Apps row that corresponds to the Salesforce app you just added, select
      Actions
      Start Scanning
      .
      Prisma SaaS scans all assets in the associated Salesforce app and identifies incidents. Depending on the number of Salesforce users and assets, it may take some time for Prisma SaaS to complete the process. However, you can Monitor Scan Results on the Dashboard and begin to Assess Incidents. Monitoring the progress of the scan during the discovery phase allows you to Fine-Tune Policy to modify the match criteria and ensure better results.

Recommended For You