The User Activity Timeline report allows you to report on users activity in a given timeframe throughout the org.
You can report on different categories of activity:
- Event Log File
- Login History
- Setup Audit Trail
- Standard Objects
- Custom Objects
- History Objects
Select the users you want to report on in the left panel, and then select the types of activities you'd like to report on in the right panel. If the user made changes that triggered in the activity chosen in the timeframe, it will appear in the Preview Report, or Display Report tab, depending of you highlighted the user or checked the green checkboxes. On the Display Report tab, you have options to hide any/all low, medium, or high risk results. Additionally, you have the ability to change what is considered low, medium, and high risk, by clicking on the Manage Risk button in the top right.
Video
The User Activity Timeline is a comprehensive security feature of Metazoa Snapshot. This functionality enables users to select any individual user and display their interactions with any Salesforce object over any desired timeframe.
How to Set Up the User Activity Timeline
-
Select the Users: The first step in setting up the User Activity Timeline is selecting the users. You can do this by name, role, profile, or permission set.
-
Select the Time Range: You can select a desired time range through the available menu or by customizing your setting.
-
Select the Salesforce Objects: You can choose any group of Salesforce objects that were either created or modified by the selected user(s). This includes custom and standard objects.
In addition to the standard and custom objects, the User Activity Timeline Report encompasses three special categories:
-
Setup Audit Trail: This section documents all the setup activities available. It's beneficial for monitoring administrative usage of the setup menu.
-
Login History: This section displays login successes and failures.
-
Event Log File: This Salesforce special object provides extensive security-related information about various activities, such as data exfiltration, and even details like when a report was viewed.
You can choose which categories you are interested in from the above list.
- Preview the Report: After the above selections, you can preview the report. The report analysis includes all the activities that the selected user has conducted with the chosen objects over the specified timeframe.
Understanding the Report
The User Activity Timeline report color-codes different activities based on risk levels, providing a visual representation of changes made by object type and user. In addition, it offers detailed information about what actions were taken.
As the report might contain an overwhelming amount of information, Metazoa Snapshot also provides it in a graphical format. You can view the type of activities conducted by the user day-by-day, with the ability to directly jump into the details of specific activities.
Customizing Risk Management
You can manage the color-coding system by using the "Manage Risk" button. The system comes with default values, but if you believe that a specific item bears a different risk level, you can make changes and see the instant effect on the graph results of the report.
Scheduling the Report
When scheduling the report, you can set up the system to send a PDF of the report to any selected group of users when a new snapshot is created. This can be configured to send only if medium or high risk is reported, or exclusively if high risk is reported.
Utilizing the Report
The User Activity Timeline report can be incredibly useful to monitor any group of users, consultants, or anyone with access to your Salesforce org. It can be utilized for the following purposes:
-
Proactive Monitoring: You can use this feature proactively to monitor high-risk activities, for instance, if an employee is being terminated or any other suspicious activities.
-
Post-Incident Analysis: In the event of a security incident, you can use the report forensically to investigate the period of time when the incident occurred.
-
Unapproved Activities Tracking: You can send out a report if anyone conducts any activities that are not approved.
This feature enables proactive monitoring and effective management of your Salesforce account's security.
Links
Snapshot Best Practices: Salesforce Compliance, Governance, and Security