Classification:

attack

Tactic:

TA0040-impact

Technique:

T1485-data-destruction

VIEW RULE IN DATADOG VIEW SIGNALS

Set up the salesforce integration.

Goal

Detect when there is a significant increase in deleted records in Salesforce.

Strategy

Inspect and baseline Salesforce logs and determine if there is a significant increase in successful (@evt.outcome:Success) delete operations (@operation:Delete).

Triage and response

Determine if the user should be legitimately deleting Salesforce records.