Capture information about Apex callouts that use named credentials as their endpoints with the EventLogFile object’s new Named Credential event type. This event type is ideal for auditing the installed managed packages that use named credentials. For example, you’re sometimes required to create a named credential as part of the installation of a managed package from an AppExchange partner. However, in previous Salesforce releases, you didn’t have a way to determine whether other packages also used the named credential, which was a potential security risk. This new event type allows you to track all packages that use a named credential and investigate packages you don’t recognize.

Where: This change applies to Enterprise, Performance, Unlimited, and Developer editions. This event is available in the API but not in the Event Monitoring Analytics app.

Who: The Named Credential event type is free to all customers. Customers who purchased Salesforce Shield or Salesforce Event Monitoring add-on subscriptions can use the EventLogFile object to monitor events.

Get the Namespace of Installed Managed Packages That Access Named Credentials (salesforce.com)

The new CORS Violation Record event type in the EventLogFile object captures information about Cross-Origin Resource Sharing (CORS) violations for Lightning apps. Cross-origin requests to Lightning apps are blocked unless the request comes from a URL listed in your CORS allowlist. Use this event type to monitor CORS violation records and help you decide if your CORS allowlist requires an update before the Enforce CORS Allowlist for Lightning Apps release update is enforced. Currently, the CORS allowlist in Setup isn’t enforced for Lightning apps.

Where: This change applies to Enterprise, Performance, Unlimited, and Developer editions. This event is available in the API but not in the Event Monitoring Analytics app. It’s available for free for two releases because it’s intended to help you prepare for the enforcement of the Enforce CORS Allowlist for Lightning Apps release update.

How: CORS enables web browsers to request resources from origins other than their own. For example, using CORS, JavaScript code at https://www.example.com can request a resource from https://www.salesforce.com.

The Event Log File Browser application is the easiest tool to download event monitoring data. See these instructions.

Get Information About CORS Violation Records in the EventLogFile (salesforce.com)

To analyze the usage trends and performance health of your flows, access the new Flow Execution event type in the EventLogFile object.

Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions. This event is available in API version 53.0 and later but not in the Event Monitoring Analytics app.

Who: This change is available to customers who purchased the Salesforce Shield or Salesforce Event Monitoring add-on subscription and use the EventLogFile object data to monitor events.

Analyze Your Flows in the Flow Execution Event Type (salesforce.com)

Email notifications for triggered Transaction Security policies include more detail. In addition to the policy name and events that triggered the policy, you now see the policy’s ID and related org ID and user ID. More information helps you identify affected orgs and streamline investigations.

Where: This change applies to Enterprise, Performance, Unlimited, and Developer editions.

Who: This change is available to customers who purchased Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.

Get More Informative Transaction Security Policy Notifications (salesforce.com)

Now you can configure your app to add only the data that’s new since the last dataset update. This change reduces network loads, can speed up dataflow jobs for large datasets, and helps you stay within your limits. No more worrying about updates leading to duplicated data across multiple datasets and counting against your row count limits.

Where: This change applies to Enterprise, Performance, Unlimited, and Developer editions.

Who: This change is available to customers who purchased Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.

How: To enable this beta feature, contact Salesforce. Then, in the configuration wizard, select Add only new event log file data to existing datasets?. The app then adds only the new data and deletes all data that’s dated outside of your specified retention period.

This configuration is available only in new apps. To add it to an existing app, delete the app, and then recreate it. Enable the Add only new event log file data to existing datasets? setting in the configuration wizard.

Append New Data to Event Monitoring Analytics App Datasets (Beta) (salesforce.com)

Transaction Security email notifications contain more trigger event detail. Append only new data to Event Monitoring Analytics app datasets for more efficient daily dataset updates (beta). New event log file types help you analyze flow trends, monitor CORS violation records, audit installed managed packages that use named credentials, and monitor Bulk API 2.0 usage and performance.

• Append New Data to Event Monitoring Analytics App Datasets (Beta)
  Now you can configure your app to add only the data that’s new since the last dataset update. This change reduces network loads, can speed up dataflow jobs for large datasets, and helps you stay within your limits. No more worrying about updates leading to duplicated data across multiple datasets and counting against your row count limits.
• Get More Informative Transaction Security Policy Notifications
  Email notifications for triggered Transaction Security policies include more detail. In addition to the policy name and events that triggered the policy, you now see the policy’s ID and related org ID and user ID. More information helps you identify affected orgs and streamline investigations.
• Analyze Your Flows in the Flow Execution Event Type
  To analyze the usage trends and performance health of your flows, access the new Flow Execution event type in the EventLogFile object.
• Get Information About CORS Violation Records in the EventLogFile
  The new CORS Violation Record event type in the EventLogFile object captures information about Cross-Origin Resource Sharing (CORS) violations for Lightning apps. Cross-origin requests to Lightning apps are blocked unless the request comes from a URL listed in your CORS allowlist. Use this event type to monitor CORS violation records and help you decide if your CORS allowlist requires an update before the Enforce CORS Allowlist for Lightning Apps release update is enforced. Currently, the CORS allowlist in Setup isn’t enforced for Lightning apps.
• Get the Namespace of Installed Managed Packages That Access Named Credentials
  Capture information about Apex callouts that use named credentials as their endpoints with the EventLogFile object’s new Named Credential event type. This event type is ideal for auditing the installed managed packages that use named credentials. For example, you’re sometimes required to create a named credential as part of the installation of a managed package from an AppExchange partner. However, in previous Salesforce releases, you didn’t have a way to determine whether other packages also used the named credential, which was a potential security risk. This new event type allows you to track all packages that use a named credential and investigate packages you don’t recognize.
• Review Bulk API 2.0 Workload Information
  The new Bulk API 2.0 event log file type helps you query Bulk API 2.0 job information. Previously, Bulk API 2.0 information was available only on the Bulk Data Load Jobs page in Setup. Use the new event type to track how long Bulk API 2 jobs take to complete, what kinds of data they process and how much, who runs jobs, and more.
• Review Threat Detection Data in Security Center (Generally Available)
  Now generally available, Threat Detection integration with Security Center helps you understand threat event trends and plan your responses accordingly. You can view aggregated data about threat events for single and multiple orgs, and drill in to event details right from the Security Center app.

Event Monitoring (salesforce.com)

Sometimes users make data entry mistakes, or customers mistakenly provide personally identifiable information (PII). When sensitive data ends up where it doesn’t belong, it’s hard to meet data privacy and security obligations. Einstein Data Detect helps you quickly find sensitive data such as credit card numbers and social security numbers no matter where it’s entered in your org. You can then apply data classification categories right from the UI and adjust privacy and security controls as necessary.

Where: This change applies to Lightning Experience in Enterprise, Performance, and Unlimited Editions editions.

Who: The Einstein Data Detect managed package is available to customers who have purchased the Salesforce Shield add-on subscription.

Why: Einstein Data Detect helps you find misplaced data in fields, attachments, and documents. Built with platform-native technology, you can:

• Determine the sensitivity of a field based on its contents and categorize it accurately.
• Categorize data classification metadata in bulk without having to store your data in a third-party service.
• Identify which other Salesforce security and privacy products can help you meet your security and privacy requirements.

For example, review detected fields and decide which to encrypt with Shield Platform Encryption or mask with Data Mask. Pair your results with Privacy Center to automatically create Deletion, Masking, and Retention templates for specific categories of data. And if you know that specific fields contain PII, you can create Transaction Security policies that place guardrails on reports that contain those fields.

How: Install the Einstein Data Detect managed package in your production or sandbox environment. From the App Launcher, select Einstein Data Detect. First, create a Data Detect Policy. On the Policies page, select an object and choose the data patterns and fields you want the app to scan for. Enable the object for scanning and save your work. Repeat this step for as many objects as you want within your policy. When you’re ready to start scanning, click Activate Policy and then Scan.

The app refreshes with your results. Results dashboards breakdown scan results by record, data patterns, and data categorization for easy data reviews. Drill in to discovered records to learn more about your data and respond accordingly.

See more detailed information under the Field Results section on each object. Here, you can add data classification categories to fields right in the UI.

Find Sensitive Data with Einstein Data Detect (Generally Available) (salesforce.com)

The newest addition to the Shield family, Einstein Data Detect finds sensitive data across your org and helps you plan your next security and privacy steps.

• Find Sensitive Data with Einstein Data Detect (Generally Available)
  Sometimes users make data entry mistakes, or customers mistakenly provide personally identifiable information (PII). When sensitive data ends up where it doesn’t belong, it’s hard to meet data privacy and security obligations. Einstein Data Detect helps you quickly find sensitive data such as credit card numbers and social security numbers no matter where it’s entered in your org. You can then apply data classification categories right from the UI and adjust privacy and security controls as necessary.

Einstein Data Detect (salesforce.com)

Shield Platform Encryption offers support for more Financial Services Cloud fields. Event Monitoring delivers better Transaction Security notification emails and four new Event Log File types. You can append only new data to Event Monitoring Analytics app datasets for more efficient updates (beta). Get more granular control over Field Audit Trail retention policies. And Einstein Data Detect (generally available) joins the Shield family, offering a faster way to find sensitive data no matter where it’s entered into your org.

• Einstein Data Detect
  The newest addition to the Shield family, Einstein Data Detect finds sensitive data across your org and helps you plan your next security and privacy steps.
• Event Monitoring
  Transaction Security email notifications contain more trigger event detail. Append only new data to Event Monitoring Analytics app datasets for more efficient daily dataset updates (beta). New event log file types help you analyze flow trends, monitor CORS violation records, audit installed managed packages that use named credentials, and monitor Bulk API 2.0 usage and performance.
• Field Audit Trail
  When you set a retention policy on an object, Salesforce no longer sets the same policy for a different object with a similar key prefix.
• Shield Platform Encryption
  Bring even more security to Financial Services Cloud data with encryption at rest for deal and interaction fields.

Salesforce Shield

Changes to the Consent Data Model include new objects that allow you to create multiple brands and relationships in one Salesforce org. Enhancements to the existing Portability Policy feature make navigation more user-friendly.

• Track Consent Preferences for Multiple Brands
  Store customer consent preferences for multiple brands that exist in one Salesforce org. Use the Business Brand object to identify different brands that share a parent brand. Then use the Customer and Seller objects to define unique relationships to these brands.
• Manage Portability Policies with Feature Enhancements
  The Portability Policy dashboard you already know and love has new functionalities. Now you can activate, edit, and delete inactive policies, run policies directly from the dashboard, use the search function in the Portability Log, and more.
• Hard Delete Records in Privacy Center
  You can now hard delete records when running a retention or RTBF policy. When you enable the Hard Delete option, the record isn’t placed in the recycle bin, which requires a wait period of 15 days before deleting or manually emptying the recycle bin.

Privacy Center (salesforce.com)