Salesforce REST API log source parameters for Salesforce Security
If QRadar does not automatically detect the log source, add a Salesforce Security log source on the QRadar Console by using the Salesforce REST API protocol.
When you use the Salesforce REST API protocol, you must configure specific parameters.
The following table describes the parameters that require specific values to collect Salesforce
REST API events from Salesforce Security:
Parameter | Value |
---|---|
Log Source type | Salesforce Security |
Protocol Configuration | Salesforce REST API |
Login URL | The URL of the Salesforce security console. For example, https://test.my.salesforce.com. |
Username | The user name of the Salesforce security console. |
Security Token | The security token that was sent to the email address configured as the contact email for the Connected App on the Salesforce security console. |
Client ID | The Consumer Key that was generated when you configured the Connected App on the Salesforce security console. |
Secret ID | The Consumer Secret that was generated when you configured the Connected App on the Salesforce security console. |
Use Proxy |
When a proxy is configured, all traffic for the log source travels through the proxy for QRadar to access the Salesforce Security buckets. Configure the Proxy Server, Proxy Port, Proxy Username, and Proxy Password fields. If the proxy does not require authentication, you can leave the Proxy Username and Proxy Password fields blank. |
Advanced Options | By default the Salesforce REST API collects Audit Trail and Security Monitoring events. Configure available options as required. |