Configuring the Salesforce Security Monitoring server to communicate with QRadar

To allow QRadar communication, you need to configure Connected App on the Salesforce console and collect information that the Connected App generates. This information is required for when you configure the QRadar log source.

Before you begin

If the RESTful API isn’t enabled on your Salesforce server, contact Salesforce support.

Procedure

  1. Configure and collect information that is generated by the Connected App.
    1. Log in to your Salesforce Security Monitoring server.
    2. Click the Setup button.
    3. In the navigation pane, click Create > Apps > New.
    4. Type the name of your application.
    5. Type the contact email information.
    6. Select Enable OAuth Settings.
    7. From the Selected OAuth Scopes list, select Access and manage your data (api).
    8. In the Info URL field, type a URL where the user can go for more information about your application.
    9. Configure the remaining optional parameters.
    10. Click Save.
  2. Turn on Entitlement History.
    1. Click the Setup button.
    2. In the navigation pane, select Build > Customize > Entitlement Management > Enablement Settings.
    3. From the Entitlement Management Settings window, select the Enable Entitlement Management check box.
    4. Click Save.

What to do next

The Connected App generates the information that is required for when you to configure a log source on QRadar. Record the following information:
Consumer Key
Use the Consumer Key value to configure the Client ID parameter for the QRadar log source.
Consumer Secret
You can click the link to reveal the consumer secret. Use the Consumer Secret value to configure the Secret ID parameter for the QRadar log source.
Important: The Consumer Secret value is confidential. Don't store the consumer secret as plain text.
Security token
A security token is sent by email to the email address that you configured as the contact email.