The Salesforce Secrulet is activated without any error. There are also informational events populating in CloudSOC Investigate. However, some file uploads are not detected by the Salesforce Securlet. The uploaded file is also not triggering DLP policies (if there are already matching policies configured).

• When checking the Salesforce events for this account in the CloudSOC Investigate, there is no "Content Document" event in the Object column.
• The Query All Files Permission is not assigned to the Salesforce System Admin account used to activate the Securlet.

The Query All Files permission is needed for the Salesforce Securlet to retrieve files in non-member libraries and files in unlisted groups. Please work with the Salesforce sysadmin and use the Salesforce Securlet prerequisites to help you configure the permission set.