Capture information about Apex callouts that use named credentials as their endpoints with the EventLogFile object’s new Named Credential event type. This event type is ideal for auditing the installed managed packages that use named credentials. For example, you’re sometimes required to create a named credential as part of the installation of a managed package from an AppExchange partner. However, in previous Salesforce releases, you didn’t have a way to determine whether other packages also used the named credential, which was a potential security risk. This new event type allows you to track all packages that use a named credential and investigate packages you don’t recognize.
Where: This change applies to Enterprise, Performance, Unlimited, and Developer editions. This event is available in the API but not in the Event Monitoring Analytics app.
Who: The Named Credential event type is free to all customers. Customers who purchased Salesforce Shield or Salesforce Event Monitoring add-on subscriptions can use the EventLogFile object to monitor events.
Get the Namespace of Installed Managed Packages That Access Named Credentials (salesforce.com)