The second step in configuring SightLane for Shield events involves a Custom Metadata Type called a Policy Event. Policy Events specify how SightLane will process incoming Transaction Security Policy Events. Go to Setup -> Custom Metadata Types, and from the four SightLane-related items, select the "Manage Records" link next to SightLane Policy Event.
You will see that SightLane for Shield comes pre-configured with records for each of the Transaction Security Policy types. Click the Edit link to initialize values for any Transaction Security Event you have defined (see the last article).
Policy Events are made up of a collection of simple attributes that collectively govern how a Transaction Security policy is handled. These attributes control the conditions under which SightLane documents a Transaction Security Event. If the conditions are unmet, SightLane will ignore the Transaction Security Event.
- SightLane Policy Event Name - The name of the Policy Event record. Best practice is to just name records after the event that they process
- Policy Event Type - A picklist that identifies the Salesforce Transaction Security Event type that this Policy Event will process
- Evaluation Flow - The Salesforce Flow used to determine the relevance of this Transaction Security Policy Event. This flow will determine whether the event needs further response. For example, you may not want to log and respond to every login event that occurs in your system. Only certain events will meet the criteria for action.
- Log Event - Determines whether this event will be documented in SightLane. The possible values here are On Policy Triggered (meaning only if the Evaluation Flow returns true), Always, and Never.
- Default Evaluation Result - Determines the result of processing, regardless of whether an Evaluation Flow was specified. If an Evaluation Flow is not specified but the Default Evaluation Result is set to true, the event will always be "triggered" and logged in SightLane.
You could stop now. With just the two configuration pieces you've created in this section, SightLane should begin logging (and potentially responding to) Transaction Security Policy events immediately. However, there is a third piece to the puzzle that hasn't been completed yet, and that's where things can get really fun!