Diagnostics and Monitoring Tools for Salesforce — Part 2

Identify security risks and monitor your releases


Security and compliance use cases

Security is paramount in maintaining your organization. With so many security settings available, how do you know which ones are potential issues and which ones do not conform to your security policy standards? Keeping tabs on this can be a daunting task. Wouldn’t it be great to have a one-stop shop to show all potential issues, recommendations, and fixes? Salesforce Security Health Check provides exactly that. It doesn’t stop there. If you have multiple organizations, you can pull this information using the Tooling API and display it or take action from your custom monitoring dashboard. How cool is that?
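An added example (not from the original article or from Salesforce) of the multi-org pull described above: it queries the Tooling API `SecurityHealthCheck` and `SecurityHealthCheckRisks` objects and reduces the responses to a score plus the settings that deviate from the baseline. The API version, the 80-point threshold, the org name, the instance URL and the sample responses are assumptions constructed for illustration.

```python
import json
from urllib.parse import quote
from urllib.request import Request, urlopen

API_VERSION = "58.0"   # assumption: use a version your orgs support
MIN_SCORE = 80         # assumption: your own policy threshold
SCORE_SOQL = "SELECT Score FROM SecurityHealthCheck"
RISK_SOQL = ("SELECT RiskType, Setting, SettingGroup, OrgValue, StandardValue "
             "FROM SecurityHealthCheckRisks")

def tooling_query(instance_url, token, soql):
    """Run one Tooling API query and return the decoded JSON body."""
    url = f"{instance_url}/services/data/v{API_VERSION}/tooling/query/?q={quote(soql)}"
    req = Request(url, headers={"Authorization": f"Bearer {token}"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)

def summarize(org, score_resp, risk_resp):
    """Reduce both responses to what a dashboard row needs for one org."""
    score = float(score_resp["records"][0]["Score"])  # accepts "67" or 67
    gaps = [r for r in risk_resp["records"] if r["RiskType"] != "MEETS_STANDARD"]
    # HIGH_RISK deviations sort first, then by group and setting name
    gaps.sort(key=lambda r: (r["RiskType"] != "HIGH_RISK", r["SettingGroup"], r["Setting"]))
    return {"org": org, "score": score, "below_policy": score < MIN_SCORE,
            "gaps": [(r["RiskType"], r["Setting"], r["OrgValue"], r["StandardValue"])
                     for r in gaps]}

def collect(orgs, query=tooling_query):
    """orgs maps name -> (instance_url, access_token); query is injectable."""
    return [summarize(name, query(url, tok, SCORE_SOQL), query(url, tok, RISK_SOQL))
            for name, (url, tok) in orgs.items()]

# Constructed sample responses so the example runs offline
SAMPLE = {
    SCORE_SOQL: {"records": [{"Score": "67"}]},
    RISK_SOQL: {"records": [
        {"RiskType": "MEDIUM_RISK", "Setting": "Minimum password length",
         "SettingGroup": "PasswordPolicies", "OrgValue": "5", "StandardValue": "8"},
        {"RiskType": "MEETS_STANDARD", "Setting": "Require HttpOnly attribute",
         "SettingGroup": "SessionSettings", "OrgValue": "Enabled", "StandardValue": "Enabled"},
        {"RiskType": "HIGH_RISK", "Setting": "Force logout on session timeout",
         "SettingGroup": "SessionSettings", "OrgValue": "Disabled", "StandardValue": "Enabled"},
    ]},
}

def sample_query(instance_url, token, soql):
    return SAMPLE[soql]

if __name__ == "__main__":
    for row in collect({"prod": ("https://example.my.salesforce.com", "TOKEN")}, sample_query):
        print(json.dumps(row, indent=2))
```

Passing the default `tooling_query` with real instance URLs and OAuth access tokens runs the same summary against live orgs; keep those tokens in a secrets store rather than in the dashboard's source.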

Another important area to monitor is making sure your customer or partner community is not able to access more information than needed. This is where you can use the Guest User Access Report, which gives you an overview of the objects and permissions guest users can access from your public communities.

Vulnerabilities in your code are equally important and should be monitored throughout your development and build process. Static code analysis should be run manually or automatically to identify security vulnerabilities and other code quality issues. To take it one step further, make it a part of your periodic (either monthly or quarterly) maintenance schedule to run a full static code analysis on your code base. Some popular tools available for this are the Force.com code scanner (offered in partnership with Checkmarx), PMD, and Codescan.io. These tools feature hundreds of rules for static code analysis.

  • SOQL/SOSL Injection
  • Access Control Issues (Sharing, FLS)
  • Cross-site request forgery attacks
  • Arbitrary redirects
  • Overly permissive postMessage targets
  • SOQL/SOSL inside loops
  • Hardcoding Trigger.new[0]
  • Hardcoding Trigger.old[0]
  • Queries with no Where clause or no LIMIT clause
  • Not bulkifying Apex methods
Table 3. Diagnostic tools for security and compliance

Release and maintain use cases

As the application lifecycle transitions to the release and maintain stage, the focus of instrumentation naturally shifts from diagnostics to monitoring. Trust.salesforce.com provides real-time status details on service availability, performance, security, privacy, and compliance. This site includes information for all data centers and is open to the public. You can sign up for email or SMS notifications regarding incidents and maintenance posted to the site. In addition, the My Salesforce Trust Monitor package can help you create a custom list of organizations for monitoring.

A key success metric for a Salesforce application release is adoption rate. A good starting point is to install and review the Salesforce Adoption Dashboards. This AppExchange package provides visibility into relevant user login history and adoption of key features. If your organization recently transitioned from Classic to Lightning Experience, the built-in Lightning Usage App includes Lightning usage metrics such as active users in Lightning Experience, the number of users who switched back to Classic, and the most viewed pages.

For Salesforce enterprise customers, it is common to have asynchronous jobs to handle long-running tasks. Salesforce provides different monitoring pages for such jobs under the Setup section:

  • Apex Flex Queue — view and reorder all batch jobs that have a holding status
  • Apex Job Queue — monitor the status of all Apex jobs, and optionally abort jobs that are in progress
  • Background Jobs — monitor system background jobs in your organization, such as record sharing access recalculation after changes are made to groups, roles, or territories
  • Bulk Data Load Jobs — monitor the progress of current bulk data load jobs and the results of recent jobs
  • Outbound Message — track status of outbound messages
  • Scheduled Jobs — lists all reporting snapshots, scheduled Apex jobs, and dashboards scheduled to refresh
  • Time-based Workflow — view and manage pending time-based workflow actions
  • What you should do about it
  • Resources to learn more
Table 4. Monitoring tools for release and maintenance

Conclusion

Monitoring and diagnostic tools help you identify issues before they snowball into bigger problems. Keep this list of tools handy and make them part of your ALM processes. Proactively diagnosing and acting on issues can save you a lot of time, effort, and cost later. Be sure to bookmark the Salesforce Diagnostics and Monitoring Tools Checklist, which documents all the tools we covered in Part 1 and Part 2 of this series.
