SaaS Security
Begin Scanning a Salesforce App
Table of Contents
Begin Scanning a Salesforce App
Learn how to add a Salesforce app so that Data Security can protect your assets against data exfiltration and malware
propagation.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Data Security license:
|
- Supported Content
- Add Salesforce App to Data Security
Supported Content
|
Support For
|
Details
|
|---|---|
|
Scan Content
| Files, Tables, Chatter body |
|
Backward Scan
|
Yes
|
|
Forward Scan
|
Yes
|
|
Selective Scan
|
No
|
|
Exposure
|
All
Backward or Forward scan: The service performs Backward
scan until it reaches current time, then performs
Forward scan.
Content: While Data Security stores the metadata for all
unstructured files, it stores structured file data
selectively. For example, a Salesforce Chatter message
has structured data and is stored only when the content
in the message matches a defined data pattern but an
attachment on Salesforce Chatter has unstructured data,
so Data Security scans the attachment and
stores the metadata. |
|
Auto-Remediation Actions
|
|
|
Post-Remediation Actions (Actions after Admin
Quarantine):
|
No
|
|
User Activities
|
|
|
Snippet Support
|
Yes
|
|
Known License/Version restrictions
|
Supported Versions
|
|
Caveats/Notes
|
None
|
Add Salesforce App to Data Security
- Ensure that the Salesforce administrator account you plan to connect to Data Security has sufficient administrator privileges.To configure the required permissions within Salesforce:
- Under Setup, select .
- Select the administrative user account and then click System Permissions.
- Under System, enable the following permissions:
- API Enabled
- Manage Chatter Messages (required only if you use Chatter)
- Modify All Data
- View All Data
- Query All Files
- Under Users, enable the following permissions:
- View All Users
- Manage Users (required only if you have not enabled User Sharing)
- To add the Salesforce app to Data Security, log in to Strata Cloud Manager and select .
- (For SaaS Security Console users only) Choose the type of Salesforce application:
- Connect to Salesforce Account—Adds your Salesforce production account to Data Security.
- Connect to Salesforce Sandbox—Adds your Salesforce sandbox account to Data Security. Sandboxes are special Salesforce accounts that are maintained separately from your product account and are useful for development, testing, and training.
- (Optional) Give a descriptive name to the Salesforce instance.
- Click Settings and select the Salesforce n listed.
- Enter a descriptive Name to differentiate this instance of Salesforce from other instances and click Done.
- (Optional) Adjust the maximum number of API calls allowed from Data Security to Salesforce.By default, Data Security can send a maximum of 10,000 API calls to Salesforce.
- Define global scan settings.
- Add policy rules.When you add a cloud app, Data Security automatically scans the app against the default data patterns and displays any match occurrences. As a best practice, consider the business use of your app to determine whether you want to Add a New Data Asset Policy to look for incidents unique to Salesforce.
- Configure or edit a data pattern.You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
- To start scanning the new Salesforce app for risks, select .Data Security scans all assets in the associated Salesforce app and identifies incidents. Depending on the number of Salesforce users and assets, it may take some time for Data Security to complete the process. However, you can Monitor Scan Results on the Dashboard and begin to Assess Incidents. Monitoring the progress of the scan during the discovery phase allows you to Fine-Tune Policy to modify the match criteria and ensure better results.
