- Supported Cloud Connectors
- Armis Cloud Connector
- AWS Cloud Connector
- AWS Multi-Tenant Cloud Connector
- Azure Cloud Connector
- Azure Cloud Connector Overview
- Azure Audit Source and Event Support
- Prerequisites to Configure the Azure Cloud Connector
- Configure the Azure Cloud Connector
- Collect EventHub Information for Azure EventHub Endpoints
- Collect all Microsoft Defender ATP Events
- Configure Azure to Monitor Security Center Events in Azure VMs
- Bitglass Cloud Connector
- Box Cloud Connector
- Centrify Cloud Connector
- Cisco AMP for Endpoints Cloud Connector
- Cisco Meraki Cloud Connector
- Cisco Umbrella Cloud Connector
- Citrix ShareFile Cloud Connector
- Cloudflare Cloud Connector
- Code42 Incydr Cloud Connector
- CrowdStrike Falcon Cloud Connector
- Cybereason Cloud Connector
- CylanceProtect Cloud Connector
- Dropbox Business Cloud Connector
- Duo Security Cloud Connector
- Egnyte Cloud Connector
- Fidelis Cloud Connector
- GitHub Cloud Connector
- Google Cloud Platform (GCP) Cloud Connector
- Google Cloud Pub/Sub Cloud Connector
- Google Workspace (Formerly G Suite) Cloud Connector
- LastPass Enterprise Cloud Connector
- Mimecast Email Security Cloud Connector
- Netskope Cloud Connector
- Office 365 Cloud Connector
- Okta Cloud Connector
- OneLogin Cloud Connector
- Palo Alto Networks SaaS Security Cloud Connector
- Ping Identity Cloud Connector
- Proofpoint Cloud Connector
- Rapid7 InsightVM Cloud Connector
- Salesforce Cloud Connector
- SentinelOne Cloud Connector
- ServiceNow Cloud Connector
- Slack App Cloud Connector
- Slack Classic App Cloud Connector (Formerly known as Slack Enterprise Grid Cloud Connector)
- Snowflake Cloud Connector
- Sophos Central Cloud Connector
- Symantec CloudSOC Cloud Connector
- Symantec Endpoint Protection (SEP) Mobile Cloud Connector
- Symantec Email Security.cloud Cloud Connector
- Symantec WSS Cloud Connector
- Tenable.io Cloud Connector
- VMware Carbon Black Cloud Endpoint Standard Cloud Connector
- Workday Cloud Connector
- Zoom Cloud Connector
- Custom Cloud Connector
- Webhook Cloud Connector
Salesforce Cloud Connector
Supported Salesforce Cloud Audit Sources and Events
The following table displays audit source API and security events supported by the connector.
Audit Source: API | Service or Module Covered | Event Types | Event Included |
|---|---|---|---|
Login History | Login Events | Login events such as login success and login failure | |
Password Locked Out | Password locked out | ||
Application created, Application deleted, Application installed, Application uninstalled, Application blocked, Application unblocked | |||
Territory management events: Add or remove a user to a territory, create or delete a territory, opportunity access level update in territory, add or remove territory assignment rules | |||
Changes in configuration and settings of the delegated authentication mechanism | |||
Permissions Management | Permission set events such as permission set created, deleted, assigned, unassigned renamed, updates to user permissions, updates to apex class access permissions, updates to tab permissions | ||
Profile Management | Profile cloned, profile deleted, profile renamed, profile changed, field permission updated, view all permission added, connected apps enabled or disabled for a profile | ||
Group Management | Group created, group deleted, group renamed, membership updated | ||
Password Management | Password changed, password reset | ||
User Management | User | User profile created, edited, deactivated, activated, locked, unlocked, and user’s email address modified | |
Role Management | User role created, deleted, assigned, unassigned, and replaced | ||
NetworkAccess, PasswordPolicy, SessionSettings | IP whitelist added or deleted or updated, password policy changed, and session security settings changed | ||
File Upload Management | File, or content, or document, or attachment uploaded, updated, or deleted | ||
File Version Management | Represents the history of a specific version of a document. File uploaded, updated, deleted, and downloaded | ||
File Distribution Use | Represents information about views of a shared file. File downloaded, and previewed | ||
File Distribution Management | Represents information about sharing a file externally. File shared, and file un-shared | ||
Represents a content library. Workspace created | |||
Export report, run report, delegate login, dashboard view, file uploaded, file downloaded, file preview, object view You can use Audit to analyze the usage trends and user behavior. |
Prerequisites to Configure the Salesforce Cloud Connector
Before you configure the Salesforce Cloud Connector you must complete the following prerequisites:
Ensure that Exabeam Cloud Connectors does not exceed the Salesforce API call limit
Check whether the Sales Cloud edition that you use supports Web Services API feature
Create a Salesforce user profile and assign the required permissions
Create a user in Salesforce
Obtain an API token
Set up the API Call Limit
Salesforce limits the number of API calls made to Salesforce.com servers. The Salesforce Cloud Connector for Sales Cloud makes approximately 2000 to 5000 API calls or requests per 24 hours to the Salesforce platform. To verify the volume of API calls and limits, see Salesforce API Request Limits and Allocations.
To ensure that the cloud connector does not exceed Salesforce API call limit, contact the Exabeam support team to determine the expected number of API calls for your organization. Discuss with the Salesforce administrator to learn more about the availability of API calls for additional applications, if any. For more information about monitoring your API usage, see API Request Limits.
Verify the Sales Cloud Edition
To ensure that the Sales cloud edition that you use supports Web Services API feature, refer to the Salesforce editions and features list. For example, Salesforce’s Enterprise and Unlimited version offers Web Services API feature that helps to connect external systems and data to Salesforce.
If you have the Salesforce Group Edition (GE) or Professional Edition (PE) see API Access in Group and Professional Editions.
Create User Profiles
In Salesforce, profiles define users’ access to objects and data, and tasks allowed to the user within the application. If you create a user in Salesforce, you must assign a profile to the user. Create a user profile specifically for the cloud connector.
To create a user profile in Salesforce:
Log in to the Salesforce console as an administrator.
Click Setup.
Navigate to Administration > Users > Profiles.
Click New Profile.
Select an existing profile that you want to clone from the list.
Specify a name for the profile in the Profile Name box.
Click Save. If you want to assign the required permissions to the profile, scroll down to System Permissions. If you want to assign existing users or a new user to this profile, click Assigned Users.
Note
For more information about creating user profiles in Salesforce, see Salesforce Documentation.
Assign Permissions to User Profile
After you create a user profile in Salesforce, you can manage access rights in your organization by assigning permission sets to the user profile. System permissions control a user’s ability to perform tasks within Salesforce.
To assign permissions to a user profile:
Log in to the Salesforce console as an administrator.
Navigate to Setup > Administration > Users > Profiles.
Select the profile that you want to edit.
Click System Permissions.
Click Edit.
In the list of permissions, select the following permissions:
API Enabled
Manage Users
View All Data
View Setup and Configuration
View Event Log File
Click Save.
Note
You can control login access by specifying a range of allowed IP addresses for a particular profile. The Salesforce user that you created for the Exabeam connector must log in from the Exabeam platform IP address. If you restrict the IP address for a profile, the user with that profile cannot log in from any other IP address. Make sure that you assign a profile with IP range restriction only to the Salesforce user that you created for the Exabeam connector and not to any other Salesforce user. For more information, see Restrict Login IP Addresses.
Create a User in Salesforce
The Exabeam Cloud Connectors platform uses user information to integrate with Salesforce cloud application APIs. Creating a user account specifically for the cloud connector ensures better visibility and security.
To create a Salesforce user:
Log in to the Salesforce console as an administrator.
Navigate to Setup > Administration > Users > Users.
Click New User.
Specify a user name and enter other details. Ensure that you assign a role, profile, and user license to the new user. You can assign any role to the user. The user license must match the license assigned to a user profile that you selected for the new user. For more information, see Add a New user.
To obtain a user password, select the Generate new password and notify user immediately checkbox.
Click Save.
The User Details page displays the details you entered. Note the password that Salesforce emailed you. If you want to reset the password, on the User Details page, click Reset Password. Salesforce sends an email to the user’s email address with a link to reset the password. Reset the password using the link that you received on your email address. Note the username and password of the Salesforce user that you created. You will need the username and password when you configure the Salesforce Cloud Connector on the Exabeam Cloud Connectors platform.
Obtain an API Token
Salesforce APIs are authenticated through API token, also known as security token. The Exabeam Cloud Connectors platform uses an API token to integrate with Salesforce cloud application APIs, and retrieve audit log events, changes, and other data. The cloud connector uses audit logs and other data for security monitoring to analyze and handle security threats.
To obtain the Salesforce API token:
Log in to the Salesforce console using the user name and password of the user that you created.
Click the profile image in the upper right corner, then click Settings.
In the right pane, navigate to My Personal Information > Reset My Security Token.
Click Reset Security Token to have Salesforce generate a new security token and send it to you via email.
Record the security token, represented by letters and numbers, that you receive via email. Use the security token while configuring the Salesforce Cloud Connector on the Exabeam Cloud Connectors platform.
Configure the Salesforce Cloud Connector
Salesforce Sales Cloud is a customer relationship management (CRM) platform designed for sales teams. Sales Cloud helps to store information about leads, customers, and sales, optimize business processes, and prioritize leads to close deals faster. For more information visit their website.
To configure the Salesforce Cloud Connector to import data into the Exabeam Cloud Connector platform:
Complete the Prerequisites to Configure the Salesforce Cloud Connector.
Log in to the Exabeam Cloud Connectors platform with your registered credentials.
Navigate to Settings > Accounts > Add Account.
Click Select Service to Add, then select Sales Cloud Salesforce.com from the list.
In the Accounts section, enter the required information. Required fields are indicated with a red bar.
Account Name – Specify a name for the Salesforce Cloud Connector. For example, Corporate_Sales_CRM_Platform.
Description – (Optional) Describe the Salesforce Cloud Connector. For example, ‘Cloud based CRM platform for sales team.’
Username – Enter the user name of the Salesforce user that you created while completing prerequisites.
Password – Enter the password that you set for the Salesforce user that you created while completing prerequisites.
Security Token – Enter the API token that you obtained while completing prerequisites.
Authentication-Endpoint – Retain the value. This field is automatically populated. If you are using a test Salesforce account, enter test.salesforce.com.
To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.
Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.
To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows
OK.
Troubleshoot for the Salesforce Cloud Connector
Problem: The Salesforce Cloud Connector stopped syncing events. The connector shows the status as 'Syncs in-progress' and "Last successful sync" = "never".
Solution: The error for the endpoint EventLogFile com.sforce.soap.partner.fault.InvalidFieldFault: null occurs because the Salesforce Cloud Connector cannot pull data from the endpoint EventLogFile. To resolve this error, stop this endpoint if the endpoint is no longer required. If you want to use this endpoint, ensure that you have the Sheildevent monitoring subscription.