Salesforce Security Monitoring
The JSA DSM for Salesforce Security Monitoring can collect event logs from your Salesforce console by using a RESTful API in the cloud.
The following table identifies the specifications for the Salesforce Security Salesforce Security Monitoring DSM:
Table 1: Salesforce Security Salesforce Security Monitoring DSM Specifications
Salesforce Security Monitoring
RPM file name
Salesforce REST API Protocol
JSA recorded events
Login History, Account History, Case History, Entitlement History, Service Contract History, Contract Line Item History, Contract History, Contact History, Lead History, Opportunity History, Solution History
Salesforce website (http://www.salesforce.com/)
Salesforce Security Monitoring DSM Integration Process
To integrate Salesforce Security Monitoring DSM with JSA, use the following procedures:
If automatic updates are not enabled, download and install the most recent versions of the following RPMs on your JSA Console.
SalesforceRESTAPI Protocol RPM
Salesforce Security Monitoring RPM
Configure the Salesforce Security Monitoring server to communicate with JSA.
Obtain and install a certificate to enable communication between Salesforce Security Monitoring and JSA. The certificate must be in the
/opt/qradar/conf/trusted_certificates/folder and be in
For each instance of Salesforce Security Monitoring, create a log source on the JSA Console.
Configuring the Salesforce Security Monitoring Server to Communicate with JSA
To allow JSA communication, you need to configure Connected App on the Salesforce console and collect information that the Connected App generates. This information is required for when you configure the JSA log source.
If the RESTful API is not enabled on your Salesforce server, contact Salesforce support.
- Configure and collect information that is generated by the Connected
Log in to your Salesforce Security Monitoring server.
Click the Setup button
In the navigation pane, click Create > Apps > New.
Type the name of your application.
Type the contact email information.
Select Enable OAuth Settings.
From the Selected OAuth Scopes list, select Access and manage your data (api).
In the Info URL field, type a URL where the user can go for more information about your application.
Configure the remaining optional parameters.
- Turn on Entitlement History.
Click the Setup button.
In the navigation pane, select Build > Customize > Entitlement Management > Enablement Settings.
From the Entitlement Management Settings window, select the Enable Entitlement Management check box.
The Connected App generates the information that is required for when you to configure a log source on JSA. Record the following information:
The Consumer Secret value is confidential. Do not store the consumer secret as plain text.
Configuring a Salesforce Security Monitoring Log Source in JSA
To collect Salesforce Security Monitoring events, configure a log source in JSA.
When you configured a Connected App on the Salesforce Security Monitoring server, the following information was generated:
This information is required to configure a Salesforce Security Monitoring log source in JSA.
Ensure that the trusted certificate from the Salesforce Security
Monitoring instance is copied to the
/opt/qradar/conf/trusted_certificates/ folder in .DER format on JSA system.
- Log in toJSA.
- Click the Admin tab.
- In the navigation menu, click Data Sources.
- Click the Log Sources icon.
- Click Add.
- From the Log Source Type list, select Salesforce Security Monitoring.
- From the Protocol Configuration list, select Salesforce Rest API.
- Configure the following values:
The URL of the Salesforce security console.
The user name of the Salesforce security console.
The security token that was sent to the email address configured as the contact email for the Connected App on the Salesforce security console.
The Consumer Key that was generated when you configured the Connected App on the Salesforce security console.
The Consumer Secret that was generated when you configured the Connected App on the Salesforce security console.
When a proxy is configured, all traffic for the log source travels through the proxy for JSA to access the Salesforce Security buckets.
Configure the Proxy Server, Proxy Port, Proxy Username, and Proxy Password fields. If the proxy does not require authentication, you can leave the Proxy Username and Proxy Password fields blank.
- Click Save.
- On the Admin tab, click Deploy Changes.