Resolve Security Anomalies with Agentforce

Security Center with Agentforce automatically identifies potential security incidents using Event Monitoring and Security Center data. When an incident is identified, Agentforce creates an Investigation record that includes the incident data and a suggested remediation plan.

Note Security Agent is a pilot or beta service that is subject to the Beta Services Terms at Agreements - Salesforce.com or a written Unified Pilot Agreement if executed by Customer, and applicable terms in the Product Terms Directory. Use of this pilot or beta service is at the Customer's sole discretion.

The Investigations tab in your Security Center setup provides a visual overview of every new, in-progress, and resolved investigation in your org. The Security Agent identifies unique threats and organizes them into ”cards” so your team can focus on the core incident.

Click an investigation card to open a workspace that includes:

• Summary - see details like the type of Event Monitoring incident that occurred, the impacted instances, and the Investigation ID.
• Detected Anomalies - see related anomalies from the same user session, or user activity within 24 hours.
• Incident Timeline - what happened before, during, and after an anomaly was detected.
• Remediation Plan - a custom, step-by-step plan to resolve the incident. These plans provide standardized guidance to help you contain the immediate threat and prioritize the most critical actions to close security gaps.

While viewing an investigation, you can use the Security Agent sidebar to ask natural-language questions for further clarification.

The agent can provide deeper insights into specific user behaviors or quickly summarize complex log data.