The pattern has three parts: schedule the export, load the data into a queryable store, and build the dashboard. Each step has multiple implementation options; pick based on your compliance team's requirements and the org's tooling.
- Schedule the Setup Audit Trail export
In Setup, open Setup Audit Trail and choose Download Setup Audit Trail. A manual download is fine for monthly audits; for daily exports, build a scheduled Apex job that queries SetupAuditTrail via Tooling API and writes to a custom object or external system. Keep the cadence below the 180-day retention window.
- Pick the storage destination
Three options. Custom object inside Salesforce (simple, but adds storage cost). CRM Analytics dataset (better visualization, requires Analytics license). External data warehouse (most flexible, requires ETL setup). For most mid-size orgs, the custom object pattern is the fastest path.
- Build the import pipeline
Apex job that reads the CSV (or queries the Tooling API directly), parses each row, and inserts into the destination. Handle the date format, the Section enum, and the Display description text. Deduplicate on (CreatedDate, CreatedBy, Action) to avoid double-loading on retries.
- Build the dashboard components
Group by Action Category (Profile, Permission Set, Sharing Rule, Flow). Group by user with a top-10 chart. Show daily volume with a trend line. Add anomaly flags: high-risk actions like Delete Profile or Deactivate Validation Rule highlighted in red.
- Wire up alerts
Use Process Builder, Flow, or scheduled Apex to scan new audit entries and fire Custom Notifications on high-risk actions. Route alerts to a security distribution list or a Slack channel via Slack Connector.
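An added example (not code from the original page) of the import step for the external-store option, extended to set the high-risk flag that the dashboard and alert steps rely on. It assumes a CSV whose header row uses the SetupAuditTrail field names and ISO 8601 timestamps, with SQLite standing in for the warehouse; the sample rows, addresses and the two high-risk labels are constructed placeholders.

```python
import csv, io, sqlite3
from datetime import datetime, timezone

# Placeholder labels taken from the text's examples; use your org's real Action values.
HIGH_RISK = {"Delete Profile", "Deactivate Validation Rule"}

# Constructed export: rows 1-2 are one instant in two offsets, Display holds a comma,
# and the last row has an unparseable date.
SAMPLE = """CreatedDate,CreatedBy,Action,Section,Display
2024-05-01T10:15:30.000+0000,admin@example.com,Delete Profile,Manage Users,"Deleted profile Temp, Contractors"
2024-05-01T03:15:30.000-0700,admin@example.com,Delete Profile,Manage Users,"Deleted profile Temp, Contractors"
2024-05-02T08:00:00.000+0000,dev@example.com,Changed Flow,Flows,Activated flow version 3
not-a-date,dev@example.com,Changed Flow,Flows,Bad row
"""

def parse_ts(raw):
    """Normalise an ISO 8601 timestamp to UTC so a retried load yields the same key."""
    dt = datetime.strptime(raw.strip(), "%Y-%m-%dT%H:%M:%S.%f%z")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    # The composite primary key is the dedup key named in the import step.
    db.execute("CREATE TABLE IF NOT EXISTS audit (created_date TEXT, created_by TEXT, "
               "action TEXT, section TEXT, display TEXT, high_risk INTEGER, "
               "PRIMARY KEY (created_date, created_by, action))")
    return db

def load(db, csv_text):
    """Load one export; return (inserted, duplicates_skipped, rejected_line_numbers)."""
    inserted, dupes, rejected = 0, 0, []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        try:
            key = (parse_ts(row["CreatedDate"]), row["CreatedBy"].strip(), row["Action"].strip())
        except (KeyError, ValueError, AttributeError):
            rejected.append(line_no)  # report bad rows instead of aborting the load
            continue
        cur = db.execute("INSERT OR IGNORE INTO audit VALUES (?, ?, ?, ?, ?, ?)",
                         key + (row.get("Section"), row.get("Display"), int(key[2] in HIGH_RISK)))
        inserted += cur.rowcount      # 1 if stored, 0 if the key already existed
        dupes += 1 - cur.rowcount
    db.commit()
    return inserted, dupes, rejected

def high_risk_entries(db):  # rows the alerting step would act on
    return db.execute("SELECT created_date, created_by, action FROM audit "
                      "WHERE high_risk = 1 ORDER BY created_date").fetchall()

if __name__ == "__main__":
    store = open_store()
    print(load(store, SAMPLE), load(store, SAMPLE), high_risk_entries(store))
```

With this key, two entries with the same user, action and second are stored as one row, so review the rejected and duplicate counts after each load rather than discarding them.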
Custom object, CRM Analytics, or external data warehouse. Each trades cost, flexibility, and refresh cadence differently.
Manual monthly, scheduled daily, or near-real-time via Change Data Capture. Daily is the sweet spot for most compliance regimes; real-time is overkill for most orgs.
Salesforce retains online entries for 180 days. Storage destination retention is your call; most regulated industries require 3 to 7 years.
Email, Slack, ServiceNow ticket, or PagerDuty. Pick based on the security team's existing operational tooling.
- Setup Audit Trail does not capture data changes, only setup-area metadata changes. Combine with Field History Tracking and Event Monitoring for full coverage.
- 180-day online retention means entries silently roll off if you do not export. Schedule the export well within that window.
- The UI shows 20 entries at a time with no filtering. Use the Tooling API or the CSV export for any audit beyond casual browsing.
- Setup Audit Trail records who initiated a change but not the before-and-after values for every change type. For full field-level history, use Field History Tracking on the changed metadata.
- The CSV export is generated on-demand and can take several minutes for orgs with high change volume. Avoid clicking Download repeatedly; the second click queues a second export.