Refine your search by using the following advanced search options.

Criteria	Usage
Questions with keyword1 or keyword2	keyword1 keyword2
Questions with a mandatory word, e.g. keyword2	keyword1 +keyword2
Questions excluding a word, e.g. keyword2	keyword1 -keyword2
Questions with keyword(s) and a specific tag	keyword1 [tag1]
Questions with keyword(s) and either of two or more specific tags	keyword1 [tag1] [tag2]
To search for all posts by a user or all posts with a specific tag, start typing and choose from the suggestion list. Do not use a plus or minus sign with a tag, e.g., +[tag1].

Issue with SalesForce Integration

Question by Jrxn (50) | Aug 17, 2018 at 12:38 PM qradar integration logsource salesforce

Hi!

I am trying to integrate Salesforce security monitoring with QRadar.

After a few set backs I was able to see that it authenticated correctly... Now the issue is that it seems it is not being able to run the query.

The message in the hover tooltip in Log Sources is 'ERROR - Failed to execute MAX query for Login History'.

I've seen that the PROTOCOL got updated after scheduling it in the Get Updates, the update said that the fix was related to big queries timing out.

I dont know if this is the case.

Any inputs ?

Answer by Jrxn (50) | Aug 17, 2018 at 03:22 PM

I just confirmed that I can run the query via SoapUI.

But in QRadar I dont even see what the API is responding to the request.

What I saw is that the file with the provider ID is created in /store/ec/salesforce/IDFILE, but is empty.

Tried putting the result I got from SoapUI but no luck...

Anyone ?

0 Share