Salesforce Security Auditing

The IBM QRadar DSM for Salesforce Security Auditing can collect Salesforce Security Auditing audit trail logs that you copy from the cloud to a location that QRadar can access.

The following table identifies the specifications for the Salesforce Security Auditing DSM:
Table 1. Salesforce Security Auditing DSM specifications

| Specification | Value |
|---|---|
| Manufacturer | Salesforce |
| DSM | Salesforce Security Auditing |
| RPM file name | DSM-SalesforceSecurityAuditing-QRadar_Version-Build_Number.noarch.rpm |
| Protocol | Log File |
| QRadar recorded events | Setup Audit Records |
| Automatically discovered | No |
| Includes identity | No |
| More information | Salesforce web site |

Salesforce Security Auditing DSM integration process

To integrate Salesforce Security Auditing DSM with QRadar, use the following procedures:
  1. If automatic updates are not enabled, download and install the most recent versions of the following RPMs from the IBM® Support Website onto your QRadar Console:
    • Log File Protocol RPM
    • Salesforce Security Auditing RPM
  2. Download the Salesforce audit trail file to a remote host that QRadar can access.
  3. For each instance of Salesforce Security Auditing, create a log source on the QRadar Console.