Integrate Salesforce · 2019. 11. 13. · Salesforce: User login failed - This alert is generated...

Integrate Salesforce EventTracker V9.x or above

Publication Date: June 10, 2019

1

Integrate Salesforce

Abstract This guide provides instructions to configure Salesforce to send the log to the EventTracker. Once the log is

being configured to send to the EventTracker, alerts, and reports can be configured into the EventTracker.

Scope The configurations detailed in this guide are consistent with the EventTracker version 9.x and later,

Salesforce.

Audience Administrators who are responsible for monitoring Salesforce which is running using the EventTracker.

The information contained in this document represents the current view of Netsurion on the issues

discussed as of the date of publication. Because Netsurion must respond to changing market

conditions, it should not be interpreted to be a commitment on the part of Netsurion, and Netsurion

cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. Netsurion MAKES NO WARRANTIES, EXPRESS OR

IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the

rights under copyright, this paper may be freely distributed without permission from Netsurion, if

its content is unaltered, nothing is added to the content and credit to Netsurion is provided.

Netsurion may have patents, patent applications, trademarks, copyrights, or other intellectual

property rights covering subject matter in this document. Except as expressly provided in any

written license agreement from Netsurion, the furnishing of this document does not give you any

license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious.

No association with any real company, organization, product, person or event is intended or should

be inferred.

© 2019 Netsurion. All rights reserved. The names of actual companies and products mentioned

herein may be the trademarks of their respective owners.

2


Table of Contents Abstract ............................................................................................................................................................. 1

Scope ................................................................................................................................................................. 1

Audience ............................................................................................................................................................ 1

Overview ................................................................................................................................................................ 3

Prerequisites .......................................................................................................................................................... 3

Configuring the Salesforce to forward logs to EventTracker ................................................................................ 3

Salesforce Knowledge Pack ................................................................................................................................... 9

Alerts ................................................................................................................................................................. 9

Flex Reports ....................................................................................................................................................... 9

Dashboards ...................................................................................................................................................... 15

Importing Salesforce knowledge pack into the EventTracker ............................................................................ 19

Alerts ............................................................................................................................................................... 19

Parsing Rules.................................................................................................................................................... 21

Flex Reports ..................................................................................................................................................... 22

Knowledge Objects .......................................................................................................................................... 24

Dashboards ...................................................................................................................................................... 26

Verifying Salesforce knowledge pack in EventTracker ........................................................................................ 28

Knowledge Object ........................................................................................................................................... 28

Flex Reports ..................................................................................................................................................... 28

Alerts ............................................................................................................................................................... 30

3


Overview The Salesforce Lightning Platform delivers tools and services to automate your business processes, integrate with external applications, provide responsive layouts and more. EventTracker integrates and examines logs generated by the Salesforce to help an administrator to monitor

the Salesforce events.

Prerequisites • EventTracker v9.x should be installed.

• Administrative access to Salesforce Lightning Platform.

• PowerShell version 5.0 is required.

Configuring the Salesforce to forward logs to EventTracker

Configuring the Salesforce to forward logs to a syslog server

creating Connected Apps In Lightning Experience,

1. Log into the Salesforce click the Settings > Setup in the upper right, next to your account name.

Figure 1

2. Navigate to Platform Tools > Apps, under App Manager, click New Connected App:

4


Figure 2

3. While using Salesforce Classic, from Setup, enter Apps in the Quick Find box, then select Build > Create > Apps. Under Connected Apps, click New.

4. Enter the required basic information (Connected App Name, API Name, and Contact Email).

• Connected App Name: EventTracker Logger.

• API Name: EventTracker Logger.

• Contact Email: (your email id)

5


Figure 3

5. Select enable OAuth Settings under API (Enable OAuth Settings).

6. Enter your callback URL: (https://YOUR_DOMAIN/login/callback)

Example: (https://localhost/login/callback)

7. Access and manage your data (api) - Allows access to the logged-in user’s account using APIs, such as REST API and Bulk API. This value also includes chatter api, which allows access to Chatter REST API resources.

8. When you are finished entering the information, click Save. You can now publish your app.

9. Once your app is registered, the page will display your Consumer Key and Consumer Secret:

https://your_domain/login/callback

6


• Consumer Key: A value used by the consumer to identify itself to Salesforce, referred to as client_id

• Consumer Secret: A secret used by the consumer to establish ownership of the consumer key, referred to as client_secret

Figure 4

To obtain a security token 1. In Lighting Experience, go to the Settings –> My Personal Information –> Reset My Security Token.

Figure 5

2. Click Reset Security Token, the new security token is sent to the email address in your Salesforce personal settings.

7


Figure 6

NOTE: A new security token is emailed when a password is reset, or the token can be reset separately. Once the token is reset, the old token cannot be used in the API applications and in the desktop clients.

To configure Salesforce EventTracker Integrator 1. Get Salesforce integration from the EventTracker support.

2. Extract the KP-Salesforce.zip in the folder.

3. Run SalesForceIntegrator.exe located in the integrator folder with administrator privilege.

Figure 7

8


4. Fill the details in the Salesforce Integrator Form, which is shown below:

Figure 8

5. Kindly fill the following details in integration form

• API Client ID is the Consumer Key we got from app creation.

• API key is the Consumer Secret we got from app creation.

• User name: The user who are privileged to view the event.

• Password: Password for the user.

• Security code: we obtain from the previous methods.

• InstanceURL: example (https://example.my.salesforce.com) replace example.my.salesforce.com with your Salesforce instance URL.

• System Name: Is the name of the system where salesforce logs will be collected under EventTracker.

6. Click the OK button. 7. Once Salesforce is configured, you will get the message as shown in the below image.

Figure 9

9


Salesforce Knowledge Pack Once logs are received into EventTracker Categories, Alerts, Reports, and Dashboards can be configured into

EventTracker. The following knowledge packs are available in EventTracker to support Salesforce monitoring.

Find the specified knowledge pack in the following sequences-

• Alerts

• Flex Reports

• Dashboard

Alerts 1. Salesforce: User login failed - This alert is generated when the “user login failed” events are detected.

2. Salesforce: Content transfer - This alert is generated when any content transfer events occur, such as

downloads, uploads, and previews.

3. Salesforce: Document attachment downloads – This alert is generated when any document and attachment

downloads.

4. Salesforce: Insecure external assets - This alert is generated when assets include images or videos accessed

by users over an insecure HTTP protocol.

Flex Reports

• Salesforce - User login details: This report provides details about your organization’s user login-logout

history.

Figure 10

10


Sample Log:

• Salesforce - Apex event details: This report contains details about callouts (external requests) during

Apex code execution, Apex classes that are used and details about triggers that fire in an organization.

Figure 11

class PSCustomObject

{

EVENT_TYPE = Login

TIMESTAMP = 20190529145606.253

REQUEST_ID = 4PBjAEJaxDKurJYUCkReE-

ORGANIZATION_ID = 00DE0000000dG5a

USER_ID = 0050L000009eSCY

RUN_TIME = 112

CPU_TIME = 25

URI = /_ui/identity/oauth/ui/AuthorizationPage

SESSION_KEY = zQ7xR90Q0AlmJxcL

LOGIN_KEY = JF2qaTLbo/qv4dPv

REQUEST_STATUS = F

DB_TOTAL_TIME = 90045855

BROWSER_TYPE = SalesforceMobileSDK/5.30.0 iOS/12.1 (iPad) FieldServiceApp/5.4.0(1299) Native uid_49D3A74C-8560-473E-833F-298A256A168E

ftr_PN.UA.US

API_TYPE =

API_VERSION = 9998.0

USER_NAME =

TLS_PROTOCOL = TLSv1.2

CIPHER_SUITE = ECDHE-RSA-AES256-GCM-SHA384

TIMESTAMP_DERIVED = 2019-05-29T14:56:06.253Z

USER_ID_DERIVED = 0050L000009eSCYQA2

CLIENT_IP = 184.207.250.19

URI_ID_DERIVED =

LOGIN_STATUS = LOGIN_NO_ERROR

SOURCE_IP = 184.207.250.19

}

11


Sample Log:

• Salesforce - API events detail: This report provides details about your organization’s web services API

activity and REST-specific requests.

Figure 12


{

EVENT_TYPE = ApexCallout

TIMESTAMP = 20190529141717.139

REQUEST_ID = 4PBh24Af4dQd9_mt-SM4q-


USER_ID = 005E00000045acz

RUN_TIME =

CPU_TIME =

URI = CALLOUT-LOG

SESSION_KEY =

LOGIN_KEY =

TYPE = REST

METHOD = POST

SUCCESS = 0

TIME = 10013

REQUEST_SIZE = -1

RESPONSE_SIZE = -1

URL = https://lti.smartsheet.com/sfdc_logger


USER_ID_DERIVED = 005E00000045aczIAA

CLIENT_IP =

URI_ID_DERIVED =

}

12


Sample Log:

• Salesforce - Document attachment downloads: This report contains details of document and

attachment downloads.

Figure 13


{

EVENT_TYPE = RestApi

TIMESTAMP = 20190529145622.619

REQUEST_ID = 4PBjBAHEW53H40F1v8MFX-


USER_ID = 0050L000009eSCY

RUN_TIME = 246

CPU_TIME = 7

URI = /services/data/v44.0/sobjects/ServiceResource/describe/compactLayouts/primary

SESSION_KEY = E2CnMuYXGbuD9HLc

LOGIN_KEY = JF2qaTLbo/qv4dPv

REQUEST_STATUS = S


METHOD = GET

MEDIA_TYPE = application/json;charset=UTF-8

STATUS_CODE = 200

USER_AGENT = 21000001

ROWS_PROCESSED =

NUMBER_FIELDS =

DB_BLOCKS = 226

DB_CPU_TIME = 10

REQUEST_SIZE = 0

RESPONSE_SIZE = 6141

ENTITY_NAME = ServiceResource


USER_ID_DERIVED = 0050L000009eSCYQA2

CLIENT_IP = 192.168.22.11

URI_ID_DERIVED =

}

13


Sample Log:

• Salesforce - URI Event: This report provides information related to user interaction with the web

browser UI.

Figure 14


{

EVENT_TYPE = DocumentAttachmentDownloads

TIMESTAMP = 20190529135651.977

REQUEST_ID = 4PBfwLpBZRs86GF1v8MFX-


ENTITY_ID = 0150L00000AvIGY

FILE_TYPE = image/png

USER_ID = 000000000000000


USER_ID_DERIVED = 000000000000000AAA

}

14


Sample Log:

• Salesforce - Visualforce event details: This report contains details of Visualforce requests. Requests can

originate from the browser (UI).

Figure 15


{

EVENT_TYPE = URI

TIMESTAMP = 20190529141727.450

REQUEST_ID = TID:284733000078879998


USER_ID = 0050L000009eSCX

RUN_TIME = 283

CPU_TIME = 246

URI = /aura

SESSION_KEY = TsVHFgLyf7DUFsYm

LOGIN_KEY = PehvcjrYzYhyxvpG

REQUEST_STATUS =


DB_BLOCKS = 236

DB_CPU_TIME = 10

REFERRER_URI = nybc-lightning-force-com/lightning/r/Case/5000L00001HpAXjQAN/view


USER_ID_DERIVED = 0050L000009eSCXQA2

CLIENT_IP = 10.55.88.22

URI_ID_DERIVED =

}

15


Sample Log:

Dashboards

• Salesforce All Events Detail:

Figure 16


{

EVENT_TYPE = VisualforceRequest

TIMESTAMP = 20190529140450.609

REQUEST_ID = 4PBgN5sn8tgfY4mt-SU1N-


USER_ID = 0050L000009eSCX

RUN_TIME = 1928

CPU_TIME = 219

URI = /apex/fsl__vf0996_workorderchatter

SESSION_KEY = xBA1y2y3WxLgx7rF

LOGIN_KEY = PehvcjrYzYhyxvpG

REQUEST_STATUS = S


PAGE_NAME = /apex/fsl__vf0996_workorderchatter

REQUEST_TYPE = page

IS_FIRST_REQUEST = 1

QUERY = ?id=0WO0L000000aK40WAE

HTTP_METHOD = GET

USER_AGENT = 13074000

REQUEST_SIZE = -1

RESPONSE_SIZE = 230654

VIEW_STATE_SIZE = 0

CONTROLLER_TYPE = 1

MANAGED_PACKAGE_NAMESPACE = fsl

IS_AJAX_REQUEST = 0

DB_BLOCKS = 3308

DB_CPU_TIME = 120


USER_ID_DERIVED = 0050L000009eSCXQA2

CLIENT_IP = 192.168.22.11

URI_ID_DERIVED =

}

16


• Salesforce User Login Activity By User:

Figure 17

• Salesforce User Login Details By Geo-Location:

Figure 18

17


• Salesforce User Login Details By Status:

Figure 19

• Salesforce User Login Details By URL:

Figure 20

18


• Salesforce Content Transfer Activities:

Figure 21

• Salesforce Document Attachment downloads:

Figure 22

19


• Salesforce URI Details by Destination IP:

Figure 23

Importing Salesforce knowledge pack into the

EventTracker Find the specified knowledge pack in the following sequences-

• Alerts

• Parsing Rule

• Flex Reports

• Knowledge Objects

• Dashlets

Alerts 1. Launch EventTracker Control Panel.

2. Double click Export-Import Utility.

20


Figure 24

3. Click the Import tab.

4. Select the Alert option.

5. Click on Browse button and select the file path.

6. Click on Import.

21


Figure 25

7. Alerts are now imported successfully.

Figure 26

Parsing Rules On EventTracker Control Panel,

1. Click the Import tab.

2. Select the Token value option.

3. Click on Browse button and select File path.

22


4. Click on Import.

Figure 27

5. Tokens Values are now imported successfully.

Figure 28

Flex Reports On EventTracker Control Panel,

1. Click Reports option and select new(.etcrx) from the option.

23


Figure 29

2. Locate the file named Reports_ Salesforce.etcrx and select all the checkbox.

24


Figure 30

3. Click the Import button to import the reports. EventTracker displays a success message.

Figure 31

Knowledge Objects 1. Login to EventTracker console.

2. Click on Knowledge objects under the Admin option in the EventTracker page.

25


Figure 32

3. Locate the file named KO_ Salesforce.etko

Figure 33

4. Now select all the checkbox and then click on the ‘Upload’ option.

Figure 34

26


5. Knowledge objects are now imported successfully.

Figure 35

Dashboards 1. Open EventTracker in the browser and log in.

Figure 36

2. Navigate to My Dashboard.

3. Click on Import configuration icon on the top right corner.

4. In the popup window browse the file named Dashboard_Salesforce.etwd.

Figure 37

5. Now select all the checkbox and then click on the Import option.

27


Figure 38

6. Click ‘customize’ to locate and choose created Dashlets.

7. Click Add to add Dashlets to the dashboard.

Figure 39

28


Verifying Salesforce knowledge pack in EventTracker

Knowledge Object 1. In the EventTracker web interface, click the Admin drop-down, and then click Knowledge Objects.

2. In the Knowledge Object tree, expand the Salesforce group folder to view the imported Knowledge

objects.

Figure 40

Flex Reports 1. In the EventTracker web interface, click the Reports icon, and then select the Report Configuration.

29


Figure 41

2. In Reports Configuration pane, select a Defined option.

3. Click on the Salesforce group folder to view the imported Salesforce.

Figure 42

30


Alerts 1. In the EventTracker web interface, click the Admin icon, and then select Alerts.

Figure 43

2. In the Alert search bar, we can search the alert name and view the imported Salesforce.

Figure 44

Integrate Salesforce · 2019. 11. 13. · Salesforce: User login failed - This alert is generated...

Documents

Transcript of Integrate Salesforce · 2019. 11. 13. · Salesforce: User login failed - This alert is generated...