Salesforce 安全挑战须知：日志导航、威胁检测和 CRM 安全增强.pdf

《Salesforce 安全挑战须知：日志导航、威胁检测和 CRM 安全增强.pdf》由会员分享，可在线阅读，更多相关《Salesforce 安全挑战须知：日志导航、威胁检测和 CRM 安全增强.pdf（46页珍藏版）》请在三个皮匠报告上搜索。

1、1www.mitiga.ioNavigating Logs,Detecting Threats,and Enhancing CRM Security24/10/24Doron Karmi2Smishing2345Lets start with a gameLets start with a gameChanges Users email1Subscribe for period reports3Smishing2345Lets start with a gameLets start with a gameChanges Users email1Subscribe for period repo

2、rtsInitial Access4Smishing2345Lets start with a gameLets start with a gameChanges Users email1Subscribe for period reports5Smishing2345Lets start with a gameLets start with a gameChanges Users email1Subscribe for period reports6But in real lifeBut in real lifeHow did they get in?What are the relevan

3、t logs?For how long they have access?Do I have the relevant logs?Whats this ID?BioBioDoron KarmiSenior Cloud Security ResearcherAriel SzarfSenior Cloud Security Researcher8AgendaAgendaIntroduction&Concepts Logs OverviewThreat HuntingRecommendations12349101What is CRMWhat is CRMIntroductionIntroducti

4、on111What is CRMWhat is CRMIntroductionIntroduction2What is SalesforceWhat is Salesforce12Basic ConceptsBasic Concepts App13Basic ConceptsBasic Concepts AppObjectsCustom ObjectsStandard Objects14Basic ConceptsBasic Concepts AppObjectsCustom ObjectsFieldsStandard ObjectsFields15Basic ConceptsBasic Co

5、ncepts AppObjectsCustom ObjectsRecordsFieldsStandard ObjectsRecordsFields16Why attackers are targeting SFWhy attackers are targeting SF17Why attackers are targeting SFWhy attackers are targeting SF Personal Identifiable Information(PII),financial records,contract detailsCustomer data Sensitive busin

6、ess data,sales strategies,product detailsIntellectual property Payment records,invoicing details,billing processesFinancial information18Logs OverviewLogs OverviewSetup Audit TrailEvent Log FilesYour Forensic DiaryYour Forensic Diary1819Main Log TypesEvent Log FilesSetup Audit TrailGranular insights