Hi!
I am trying to integrate Salesforce security monitoring with QRadar.
After a few setbacks I was able to see that it authenticated correctly... Now the issue is that it seems it is not able to run the query.
The message in the hover tooltip in Log Sources is 'ERROR - Failed to execute MAX query for Login History'.
I've seen that the PROTOCOL got updated after scheduling it in the Get Updates; the update said that the fix was related to big queries timing out.
I don't know if this is the case.
Any inputs?
@JonathanP_QRadar @JonathanPechtaIBM
Answer by Jrxn (50) | Aug 17, 2018 at 03:22 PM
I just confirmed that I can run the query via SoapUI.
But in QRadar I don't even see what the API is responding to the request.
What I saw is that the file with the provider ID is created in /store/ec/salesforce/IDFILE, but is empty.
Tried putting the result I got from SoapUI but no luck...
Anyone?