Mar 27 2023 06:59 AM
Hello Tech community,
With one of our customers, we are working on an integration of Salesforce with Sentinel and everything seems to work well but there are a few doubts.
Has anyone worked on such integration? Is it worth ingesting Salesforce logs into Sentinel (asking because currently, we see only Login and Logout logs)?
Do you know if we need to configure anything on the Salesforce or Sentinel (Azure) side to get more logs?
Mar 28 2023 04:06 AM
Mar 28 2023 04:34 AM
Jul 06 2023 10:50 AM
Jul 29 2024 12:43 AM
Jul 29 2024 10:34 AM
Hello @Prasanthdas545 ,
The fastest way is to deploy the Function App offered by Sentinel (in the Salesforce connector menu).
Before that, you need to create an application on the Salesforce side (we did it with their support).
And lastly, the events that you receive from Salesforce depend on the type of license you have.
Jul 30 2024 02:33 AM
Can you please elaborate on your explanation? I tried with the ARM template and it created the Function App. When I go to the Function App invocations, I find only failed counts and get the error below.
Result: Failure
Exception: TypeError: 'NoneType' object is not iterable
Stack:
  File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 604, in _handle__invocation_request
    call_result = await self._loop.run_in_executor(
  File "/usr/local/lib/python3.8/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 933, in _run_sync_func
    return ExtensionManager.get_sync_invocation_wrapper(context,
  File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/extension.py", line 215, in _raw_invocation_wrapper
    result = function(**args)
  File "/home/site/wwwroot/SalesforceSentinelConnector/__init__.py", line 220, in main
    for line in pull_log_files():
Can you please send me the documentation or a video link to [email address removed for privacy reasons]? It would be highly appreciated.
Jul 30 2024 11:52 AM
Hello @Prasanthdas545,
Yes, first, you need to deploy the Function App.
Second, you need to configure environment variables in that Function App (check here what it looks like: Configure function app settings in Azure Functions | Microsoft Learn).
These variables should contain info about the connection to Salesforce (URLs, API keys, etc.).
To obtain those variables from Salesforce, you need to create an application on Salesforce. This part is the trickiest, and we did it with the Salesforce team.
Unfortunately, I don't have any videos of the process.
Aug 05 2024 03:37 AM
When using the Sentinel Salesforce connector out of the box, ingested logs have little security value.
I recommend ingesting the Salesforce audit trail and login history logs.
Obtaining those logs would require modifications to the Azure Function Python code.
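
Added example, not part of the thread and not the connector's own code: a sketch of how a collector could pull the Salesforce audit trail and login history through SOQL queries, following result paging and always returning an iterable so the caller's `for` loop has something to iterate even when a request fails. The API version, the `fetch` callable, the field selection and the sample responses are assumptions constructed for illustration.

```python
from urllib.parse import quote

API_VERSION = "v58.0"  # assumption: substitute the API version your org supports

# Assumption: standard SetupAuditTrail / LoginHistory objects queried with SOQL.
QUERIES = {
    "SetupAuditTrail": "SELECT Id, Action, Section, Display, CreatedById, CreatedDate "
                       "FROM SetupAuditTrail WHERE CreatedDate > {since} ORDER BY CreatedDate",
    "LoginHistory": "SELECT Id, UserId, LoginTime, SourceIp, LoginType, Status, Application "
                    "FROM LoginHistory WHERE LoginTime > {since} ORDER BY LoginTime",
}

def pull_records(fetch, sobject, since):
    """Yield records newer than `since` (SOQL datetime literal), following paging.

    `fetch(path)` is a hypothetical callable that performs the authenticated GET
    against the Salesforce instance and returns the decoded JSON body, or None.
    """
    soql = QUERIES[sobject].format(since=since)
    path = f"/services/data/{API_VERSION}/query?q={quote(soql)}"
    while path:
        page = fetch(path) or {}          # failed call: yield nothing, never None
        for rec in page.get("records", []):
            rec = dict(rec)               # copy so the response is not mutated
            rec.pop("attributes", None)   # drop REST metadata before ingestion
            rec["SalesforceObject"] = sobject
            yield rec
        path = None if page.get("done", True) else page.get("nextRecordsUrl")

# Constructed sample responses standing in for the Salesforce REST API.
PAGE1 = {"done": False, "nextRecordsUrl": "/services/data/v58.0/query/EXAMPLE-2000",
         "records": [
             {"attributes": {"type": "SetupAuditTrail"}, "Id": "A1", "Action": "PermSetAssign",
              "Section": "Manage Users", "CreatedDate": "2024-08-01T10:00:00.000+0000"},
             {"attributes": {"type": "SetupAuditTrail"}, "Id": "A2", "Action": "changedpassword",
              "Section": "Manage Users", "CreatedDate": "2024-08-01T10:05:00.000+0000"}]}
PAGE2 = {"done": True, "records": [
    {"attributes": {"type": "SetupAuditTrail"}, "Id": "A3", "Action": "suOrgAdminLogin",
     "Section": "Manage Users", "CreatedDate": "2024-08-01T11:00:00.000+0000"}]}

def fake_fetch(path):
    """Offline stand-in for the authenticated GET (constructed for this example)."""
    if "/query?q=" in path:
        return PAGE1
    return PAGE2 if path == PAGE1["nextRecordsUrl"] else None

if __name__ == "__main__":
    for event in pull_records(fake_fetch, "SetupAuditTrail", "2024-08-01T00:00:00Z"):
        print(event)
```

In a real deployment, `fetch` would wrap the authenticated HTTP call built from the Function App's environment variables, and each yielded record would be posted to the Log Analytics workspace.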