Salesforce REST API log source parameters for Salesforce Security

If QRadar does not automatically detect the log source, add a Salesforce Security log source on the QRadar Console by using the Salesforce REST API protocol.

When you use the Salesforce REST API protocol, you must configure specific parameters.

The following table describes the parameters that require specific values to collect Salesforce REST API events from Salesforce Security:

Table 1. Salesforce REST API log source parameters for the Salesforce Security DSM

| Parameter | Value |
| --- | --- |
| Log Source type | Salesforce Security |
| Protocol Configuration | Salesforce REST API |
| Login URL | The URL of the Salesforce security console. For example, https://test.my.salesforce.com. |
| Username | The user name of the Salesforce security console. |
| Security Token | The security token that was sent to the email address configured as the contact email for the Connected App on the Salesforce security console. |
| Client ID | The Consumer Key that was generated when you configured the Connected App on the Salesforce security console. |
| Secret ID | The Consumer Secret that was generated when you configured the Connected App on the Salesforce security console. |
| Use Proxy | When a proxy is configured, all traffic for the log source travels through the proxy for QRadar to access the Salesforce Security buckets. Configure the Proxy Server, Proxy Port, Proxy Username, and Proxy Password fields. If the proxy does not require authentication, you can leave the Proxy Username and Proxy Password fields blank. |
| Advanced Options | By default the Salesforce REST API collects Audit Trail and Security Monitoring events. Configure available options as required. |