To allow QRadar
communication, you need to configure Connected App on the Salesforce console and collect
information that the Connected App generates. This information is required for when you
configure the QRadar
log source.
Before you begin
If the RESTful API isn’t enabled on your Salesforce server, contact Salesforce
support.
Procedure
-
Configure and collect information that is generated by the Connected App.
-
Log in to your Salesforce Security Monitoring server.
-
Click the Setup button.
-
In the navigation pane, click .
-
Type the name of your application.
-
Type the contact email information.
-
Select Enable OAuth Settings.
-
From the Selected OAuth Scopes list, select Access and manage
your data (api).
-
In the Info URL field, type a URL where the user can go for more
information about your application.
-
Configure the remaining optional parameters.
-
Click Save.
-
Turn on Entitlement History.
-
Click the Setup button.
-
In the navigation pane, select .
-
From the Entitlement Management Settings window, select the
Enable Entitlement Management check box.
-
Click Save.
What to do next
The Connected App generates the information that is required for when you to
configure a log source on QRadar. Record the
following information:
- Consumer Key
- Use the Consumer Key value to configure the
Client ID parameter for the QRadar
log source.
- Consumer Secret
- You can click the link to reveal the consumer secret. Use the
Consumer Secret value to configure the Secret ID
parameter for the QRadar log
source.
Important: The Consumer Secret value is confidential.
Don't store the consumer secret as plain text.
- Security token
- A security token is sent by email to the email address that you configured
as the contact email.