Salesforce Security Auditing
The IBM QRadar DSM for Salesforce Security Auditing can collect Salesforce Security Auditing audit trail logs that you copy from the cloud to a location that QRadar can access.
The following table identifies the specifications for the Salesforce
Security Auditing DSM:
Specification | Value |
---|---|
Manufacturer | Salesforce |
DSM | Salesforce Security Auditing |
RPM file name | DSM-SalesforceSecurityAuditing-QRadar_Version-Build_Number.noarch.rpm |
Protocol | Log File |
QRadar recorded events | Setup Audit Records |
Automatically discovered | No |
Includes identity | No |
More information | Salesforce web site (http://www.salesforce.com/) |
Salesforce Security Auditing DSM integration process
To integrate Salesforce Security Auditing
DSM with QRadar,
use the following procedures:
- If automatic updates are not enabled, download and install the most recent versions of the
following RPMs from the IBM® Support Website onto your QRadar Console:
- Log File Protocol RPM
- Salesforce Security Auditing RPM
- Download the Salesforce audit trail file to a remote host that QRadar can access.
- For each instance of Salesforce Security Auditing, create a log source on the QRadar Console.