You may already know that Tripwire Configuration Manager can audit your cloud service provider accounts like AWS, Azure, and Google Cloud Platform, but did you know it also has capabilities to monitor other cloud based software services such as Salesforce?  

Salesforce is a popular customer relationship management (CRM) service with rich configuration options that could lead to unintended risks if it is improperly configured. Tripwire has created a security policy within Configuration Manager which can check settings in your Salesforce account for potential risks or exposures and even auto-remediate many common misconfigurations.

To see how easy it is to configure, let’s review the basics of scanning a Salesforce account with Tripwire Configuration Manager. If you aren’t already familiar with the Configuration Manager, now is the perfect time to set up a Configuration Manager free trial to follow along. 

Most of the steps shown will be similar across the different supported cloud account types. While the specific configuration details may vary, the general workflow will be the same whether you are scanning AWS, Salesforce, or any other supported cloud service.

Salesforce Monitoring

Begin by creating a new cloud account entry within Configuration Manager. On the left side of the Manager window, look for the Environment heading. Below that is the Cloud Accounts section where you can select the New button.

Tripwire Salesforce image 1

Select Salesforce in the Choose a Cloud Provider input field to expand the configuration options available for the Salesforce account type. 

Cloud TW CM image 2

In order for Configuration Manager to evaluate the security-related settings in your Salesforce account, you will need to provide details of the account to use for scanning. You will need to provide a Salesforce connected app consumer key, a user ID, and the key used for the connected app. Configuration Manager can generate a key pair to (Read more...)