Salesforce Security
The IBM® QRadar® DSM for Salesforce Security collects Salesforce Security Auditing audit trail logs and Salesforce Security Monitoring event logs from your Salesforce console by using a RESTful API.
The following table identifies the specifications for the Salesforce Security DSM:
| Specification | Value |
|---|---|
| Manufacturer | Salesforce |
| DSM | Salesforce Security |
| RPM file name | DSM-SalesforceSecurity-QRadar_Version-Build_Number.noarch.rpm |
| Protocol | Salesforce REST API Protocol |
| QRadar recorded events | Login History, Account History, Case History, Entitlement History, Service Contract History, Contract Line Item History, Contract History, Contact History, Lead History, Opportunity History, Solution History, Salesforce Security Auditing audit trail |
| Automatically discovered | No |
| Includes identity | Yes |
| More information | Salesforce website (http://www.salesforce.com/) |
Salesforce Security DSM integration process
To integrate Salesforce Security DSM with QRadar, use the following procedures:
- If automatic updates are not enabled, download and install the most recent versions of the
following RPMs from the IBM Support Website onto your QRadar Console.
- Protocol Common RPM
- SalesforceRESTAPI Protocol RPM
- DSMCommon RPM
- Salesforce Security Auditing RPM
- Salesforce Security RPM
- Configure the Salesforce Security server to communicate with QRadar.
- Obtain and install a certificate to enable communication between Salesforce Security and QRadar. The certificate must be in the /opt/QRadar/conf/trusted_certificates folder and be in .DER format.
- For each instance of Salesforce Security, create a log source on the QRadar Console.