Salesforce Service Cloud logs into Microsoft Sentinel

Hi avelamb,

yes we did manage to fix it. See below:

So we saw the API was successfully connected; if you go to your Azure portal - search for Function App - you should see the Salesforce function - if it has successfully deployed from where you have followed the instructions and configuration on the Salesforce connector page.

If you click on this Function you should see it the status: Running then on the left pane under Functions click Functions and select the Function for Salesforce > click Monitor and here you will see any Errors.

So the error we got was about the API not being able to pull from a certain Salesforce operator.

this is the query the API uses:
/services/data/v44.0/query?q=SELECT+Id+,+EventType+,+Interval+,+LogDate+,+LogFile+,+LogFileLength+FROM+EventLogFile

We worked with MS Support to confirm that our Salesforce required the EventLogFile Operator which contains the Interval field which is required for MS Sentinel to log events.

https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile.htm

Salesforce Event Monitoring License (part of Salesforce Shield) is required for this.

Hope this helps.