Event Manager Control
Control Name
Event Manager (Select 'Enable Storing' and/or 'Enable Streaming' to capture event data in Real-Time Event Monitoring).
Control Overview
Central console to activate real-time storage and streaming for 50+ event types, enabling both historical analysis via Big Objects and immediate external consumption via Pub/Sub API for SIEM/security platforms.
Description
A per-event toggle in Setup > Event Manager controls whether LoginEvent, ReportEvent, URIEvent, etc. populate Event Log Files (storing) or publish to streaming channels. Both modes can be enabled together for comprehensive coverage.
Recommended Configuration
In Setup, open 'Event Manager', then select 'Enable Storing' and/or 'Enable Streaming' for each event to capture event data in Real-Time Event Monitoring. Enable both for critical events (Login, Report, API); use streaming only for high-volume/low-retention needs.
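The recommended configuration can be checked mechanically during a health review. The following Python is an added example, not Salesforce code: it assumes the per-event toggles have been transcribed from Event Manager into a CSV with the hypothetical columns event, storing and streaming, and it treats LoginEvent, ReportEvent and ApiEvent as the critical set (Login, Report, API).

```python
import csv
import io

# Assumption: the critical set named in the recommendation (Login, Report, API).
CRITICAL = {"LoginEvent", "ReportEvent", "ApiEvent"}

# Constructed sample inventory; the column layout is hypothetical.
SAMPLE = """event,storing,streaming
LoginEvent,true,true
ReportEvent,false,true
ApiEvent,false,false
URIEvent,false,true
LightningUriEvent,false,false
"""


def _on(value):
    """Interpret a CSV cell as a toggle state."""
    return value.strip().lower() in {"true", "yes", "1", "on"}


def audit(inventory_csv, critical=CRITICAL):
    """Return (severity, event, reason) findings for toggles that deviate
    from 'both modes for critical events, at least one mode otherwise'."""
    findings, seen = [], set()
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = row["event"].strip()
        modes = {"storing": _on(row["storing"]), "streaming": _on(row["streaming"])}
        seen.add(name)
        missing = [mode for mode, enabled in modes.items() if not enabled]
        if name in critical and missing:
            findings.append(("high", name, "missing " + " and ".join(missing)))
        elif name not in critical and len(missing) == 2:
            findings.append(("info", name, "no capture enabled"))
    # A critical event that never appears in the inventory is also a gap.
    for name in sorted(critical - seen):
        findings.append(("high", name, "absent from inventory"))
    return findings


if __name__ == "__main__":
    for severity, event, reason in audit(SAMPLE):
        print(f"[{severity}] {event}: {reason}")
```
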
Security Impact
Delivers complete user activity telemetry to security tools in real time while preserving 1–24 months historical data for forensics; foundational for UEBA, threat hunting, and compliance.
Business Impact
Eliminates polling/sync delays for external systems, enables live dashboards, and supports cost-optimized retention (stream high-volume, store selectively).
Security Risk If Not Configured
When streaming of real-time event data is disabled, monitoring has detection gaps for time-sensitive threats such as account compromise or data exfiltration in progress.
Threat Scenarios
With real-time monitoring disabled, security incidents are not detected in time and incident response is delayed; attackers complete bulk exports or privilege escalation before detection.
Estimated CVSS Score Range
High (7.0–8.9).
Risk Impact Considerations
Streaming adds minimal cost but high value; storage scales with activity volume; prioritize high-risk events first based on threat model.
Higher Risk When
External/partner access enabled, API-heavy integrations, regulated data (PHI/PII), or existing SIEM expecting Salesforce RTEM feeds.
Low Risk When
Internal users only, simple workflows, native Login History sufficient, no real-time external monitoring requirements.
Business and Integration Considerations
Test streaming endpoints before production enablement; plan Big Object storage budgets for storing option.
Security Health Review Guidance
Strongly recommended.
Who Is Impacted
Security engineers configuring SIEM streams, analysts building dashboards, compliance teams requiring complete audit trails, integration architects.

