The AlienApp for Salesforce provides visibility into important Salesforce security-related events with a dashboard, and streamlines incident response activities by automatically opening Salesforce cases in response to threats detected by USM Anywhere.
Dashboard
The dashboard includes a consolidated view of important security events and trends, enabling the SOC operator to quickly spot unusual activities.
- Login Attempts, failed logins by user, and Failed login reasons visualize potential access violations
- Top Reports by Size quickly reveals unusual data downloads of Salesforce data
- Login Activity reveals login trends over time, revealing spikes and other problems
Response actions
Cases can be opened automatically based on a correlation rule, or manually by the SOC analyst working a case. USM Anywhere generates the Salesforce case and populates the Salesforce case fields with details from USM Anywhere. For example:
- Create a Salesforce automatic Response rule using a source or destination address seen in an event, alarm, or vulnerability from the user interface
- Create a Salesforce case with the short description and description fields pre-populated
- Trigger an action to create a new case and specify the incident information from the following fields: Type of Request, Case Reason, subject, priority, status
Why you’ll love the AlienApp for Salesforce
Reduce time to detection and remediation
- Automate remediation and policy enforcement between USM Anywhere and Salesforce for rapid response
- Virtually eliminate friction in the incident response process, accelerating the time to respond to threats
- Enhance threat visibility and help reduce mean time to detection and response
Save time and money
- Enable focus on threat response and not writing complex security analytics rules
Simple, form-based integration helps accelerate time to productivity, rather than spending time on complicated cross-product integration