Skip to content

How BetterCloud Uses Custom Triggers with Salesforce Real-Time Event Monitoring

Rudy Fraser

September 24, 2021

5 minute read

customtriggers-salesforce-eventmonitoring

The recent release of Custom Triggers enables IT teams to create workflows that include applications and actions for which there isn’t native support. This gives IT a much higher degree of flexibility to build more powerful workflows that support a wider range of use cases. 

We’ve done previous deep dives on how you can leverage this new tool to trigger workflows from a ticketing system like Jira and Greenhouse applicant tracking & recruiting software. To continue our series, we’ll walk through an example of how BetterCloud is leveraging Custom Triggers internally to work with Salesforce Real-Time Event Monitoring. Not only will this show you how we leverage our own technology, but you’ll also see how you can set up a similar Custom Trigger. 

A 10,000 foot view of our Salesforce instance

BetterCloud’s internal Salesforce instance has a relatively open data access model. If you have access to view Accounts, Contacts, or Opportunities, you can see all Account, Contact, and Opportunity records. In response, we lock down report export access and have implemented API Allowlisting as means of data loss prevention.

In certain sensitive exit scenarios, we may be asked to be on high alert regarding an individual, particularly to see if there is any suspicious report or API access.

By leveraging BetterCloud Custom Triggers and additional best-in-breed tools, we’re able to monitor and action suspicious activity in real-time, without writing any code.

Here’s a quick breakdown of how we currently use a Custom Trigger to monitor events in Salesforce even more closely.

  1. We enable Real-Time Event Monitoring in Salesforce and enable streaming for the events we’d like to monitor.
  2. As users take action, event messages will be sent to their respective channels (i.e. /event/ReportEventStream).
  3. In our Mule app, we’ll use the out-of-the-box “Subscribe channel listener” source from the Salesforce Connector to subscribe to events from the relevant event channel.
  4. We’ll set up a Custom Trigger integration in BetterCloud to receive API calls from our Mule app.
  5. We’ll also set up a workflow in BetterCloud to kick off some actions every time our Custom Trigger receives a message from the Mule app. For this example, we’re just going to send a Slack message to our #sfdc channel.

The nitty-gritty details

Salesforce Real-Time Event Monitoring

With Salesforce Real-Time Event Monitoring, you can monitor and detect standard events in Salesforce in near real-time. See here for Salesforce’s guide to Real-Time Event Monitoring and how to set it up.

Our Mule app

Our Mule app is pretty simple and is only doing three things here:

  1. Receive events from Salesforce in real-time
  2. Filter all of the event types besides “ReportExport”
  3. Send the event details over to BetterCloud for further action

Here’s how we have it configured in the order of its execution:

  1. Subscribe Channel Listener
    Integrated using a Salesforce API user and subscribed to /event/ReportEventStream
<salesforce:subscribe-channel-listener doc:name=“Subscribe to Report Events” config-ref=“salesforce-config” streamingChannel=“/event/ReportEventStream”/>
  1. Transform Message
    Converts payload received from the Subscribe Channel Listener to output application/json
  1. Idempotent Message Validator
    During testing, I noticed that I was receiving duplicate messages from the channel listener. Our BetterCloud workflow would quickly drive the team insane if it was sending duplicate messages to Slack. Fortunately, the Idempotent Message Validator “[ensures] that only unique messages are received by a service by checking the unique ID of the incoming message… Otherwise, a ‘DUPLICATE_MESSAGE’ error is generated.” While it seems to be different for each event stream, our event payloads from Salesforce do have unique IDs! For the ReportEventStream, I used the ExecutionIdentifier property.
<idempotent-message-validator doc:name=“Idempotent Message Validator” idExpression=“#[payload.data.payload.ExecutionIdentifier]” objectStore=“simple-object-store”/>
  1. Choice
    Because the ReportEventStream receives a lot of different operators that can get noisy, we’ve implemented a simple Choice operation. If the event is for a ReportExport, call out to our BetterCloud Custom Trigger endpoint. If not, do nothing.
<choice doc:name=“Check Operation Type” > <when expression=‘#[payload.data.payload.Operation == “ReportExported”]’>
  1. Request
    Now that we’ve removed duplicate messages and filtered for the right kinds of events, we make a callout to our BetterCloud Custom Trigger endpoint and just send the whole payload. We may not care about all of the info that comes with an event payload, but we’ll take care of that on the BetterCloud side. Before completing this step, you’ll need to start setting up a Custom Trigger in BetterCloud to get the right path and authorization token values.
<http:request method=“POST” doc:name=“TriggerBetterCloud” config-ref=“bettercloud-request-config” path=“/triggers/[REDACTED]”><http:body ><![CDATA[#[payload.data.payload]]]></http:body><http:query-params ><![CDATA[#[output application/java—{“authorization” : “[REDACTED]”}]]]></http:query-params></http:request>
  1. Log
    If all goes well, we should receive a “Successfully received event” response from BetterCloud.

Setting up a Custom Trigger

Before finishing your Mule app, you’ll need to set up a Custom Trigger in BetterCloud.

Custom Triggers allow you to send information to BetterCloud via an inbound request. Once received, you can use the request data as a When condition within a Workflow, and as a Dynamic Field within a Workflow Action.

Here’s a step-by-step breakdown of how to set up a Custom Trigger to finish your Mule App:

  • Before creating the trigger, you’ll need to go to the Integration Center and Create a Custom Integration.
    NOTE: We named our custom integration “Mulesoft Salesforce System API”, since that’s the specific Mule App where these messages are coming from.
  • After creating your integration, you’ll add a trigger extension. We named ours “ReportExportAlert”.
  • Click the  “Next” button and you’ll be provided with an endpoint that includes an authorization token as a query parameter. This is the information you’ll need to complete your mule application.
  • After you’ve updated the Request action in your mule application, you’ll need to run it once to send a payload over to the custom endpoint.BetterCloud will use the parameters from the 1st payload to understand the structure of subsequent requests. For example, the following data is included in the ReportEventStream payloads:
EventDateLoginHistoryIdOwnerIdRelatedEventIdentifierDashboardNameCreatedDate
DescriptionNameSessionKeyExecutionIdentifierEventSourceExportFileFormat
EvaluationTimeIsScheduledPolicyOutcomeRowsProcessedSourceIpLoginKey
NumberOfColumnsColumnHeaders
RecordsRowsReturnedScopePolicyId
OperationFormatEventIdentifierReportIdUsernameGroupedColumnHeaders
DashboardIdCreatedByIdDisplayedFieldEntitiesSequenceUserIdQueriedEntities and SessionLevel
  • After receiving the first request, we designate “Username” as the “Target”. This is the field that will be referenced in the Workflow Activity Feed (i.e. “Report Export Alert: [user’s email address]”). We also specify which fields can be used for IFConditions and/or as Dynamic Fields in actions. If you’re following along, you’ll need at least the following selected as Dynamic Fields for the action we’ll set up later:
UsernameQueriedEntities
NameEventSource
CreatedDateReportId
RowsProcessed
  • Save & Publish and you’re ready to start building your workflow!

Triggering our workflow

Everything you need to know about this step is in the screenshot above!

  1. WHEN we receive a message to our Custom Trigger endpoint, we kick off this workflow
  2. (Optional) IF some condition is true, proceed to our action steps. We want all alerts to trigger an action so we’re going to skip this step.
  3. THEN send a Slack message to a channel of our choosing.

Final steps

With that, you should be all set to start monitoring and taking actions on events happening in your Salesforce environment in near real-time!

Here’s what you’ll need to do now once everything is published and deployed:

  1. Log into your Salesforce account
  2. Export any report
  3. Allow the apps some time to have the event generated, sent to BetterCloud, and actioned.
  4. Receive a message in Slack!

What’s next 

BetterCloud customers with the Platform API can leverage Custom Triggers now. Check this space for future use case deep-dives and other articles to help you continue to learn how to leverage Custom Triggers to enhance the flexibility and extensibility of BetterCloud. 

To learn how your peers are leveraging Custom Triggers, join over 5,000 other IT pros in the largest SaaSOps Community to see how other organizations are implementing Custom Triggers—and to discuss more SaaSOps practices.

BetterCloud is the leading SaaS Management Platform (SMP), helping leading IT organizations discover, manage, and secure their SaaS applications. To learn more, request a demo.

Categories

Sign up for our newsletter