Salesforce Security

The IBM® QRadar® DSM for Salesforce Security collects Salesforce Security Auditing audit trail logs and Salesforce Security Monitoring event logs from your Salesforce console by using a RESTful API.

The following table identifies the specifications for the Salesforce Security DSM:
Table 1. Salesforce Security DSM specifications
Specification Value
Manufacturer Salesforce
DSM Salesforce Security
RPM file name DSM-SalesforceSecurity-QRadar_Version-Build_Number.noarch.rpm
Protocol Salesforce REST API Protocol
QRadar recorded events Login History, Account History, Case History, Entitlement History, Service Contract History, Contract Line Item History, Contract History, Contact History, Lead History, Opportunity History, Solution History, Salesforce Security Auditing audit trail
Automatically discovered No
Includes identity Yes
More information Salesforce website (

Salesforce Security DSM integration process

To integrate Salesforce Security DSM with QRadar, use the following procedures:
  1. If automatic updates are not enabled, download and install the most recent versions of the following RPMs from the IBM Support Website onto your QRadar Console.
    • Protocol Common RPM
    • SalesforceRESTAPI Protocol RPM
    • DSMCommon RPM
    • Salesforce Security Auditing RPM
    • Salesforce Security RPM
  2. Configure the Salesforce Security server to communicate with QRadar.
  3. Obtain and install a certificate to enable communication between Salesforce Security and QRadar. The certificate must be in the /opt/QRadar/conf/trusted_certificates folder and be in .DER format.
  4. For each instance of Salesforce Security, create a log source on the QRadar Console.