Salesforce Monitoring

Updated Apr 4, 2024

Configure Salesforce for Arctic Wolf monitoring

You can configure Salesforce® cloud to send the necessary logs to Arctic Wolf® for security monitoring.

Arctic Wolf only supports Salesforce monitoring when SSO and MFA are enabled at the organization level for Salesforce sign-ins.

If you have the Group Edition of Salesforce or enable SSO and MFA enforcement at the permission set or profile levels, Arctic Wolf cannot monitor the integration. For example, these enforcement methods are not supported:

Note: Salesforce limits the number of API calls that all users and applications sharing a Salesforce tenant can perform in a 24-hour period. If this API request limit is exceeded, new API calls are denied until the number of API calls in the last 24 hours falls below the limit. The Arctic Wolf Sensor typically makes fewer than 250 API calls each hour or 6,000 each day. Sometimes, the number of API calls is higher than this average, but it should never exceed 10,000 API calls each day.
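A capacity check for the API limit described in the note above, as an added example that is not part of the Arctic Wolf documentation. It adds the sensor's stated typical (250 per hour) and maximum (10,000 per day) call volumes to a tenant's existing hourly API usage and compares the rolling 24-hour peak with the org limit. The function names, the sample usage figures and the 60,000 limit are constructed assumptions.

```python
from collections import deque

SENSOR_TYPICAL_PER_HOUR = 250   # upper bound on the typical hourly rate stated in the note
SENSOR_MAX_PER_DAY = 10_000     # daily ceiling stated in the note


def rolling_24h_totals(hourly_calls):
    """Return the sum of the trailing 24 hours ending at each hour of hourly_calls."""
    window, total, totals = deque(), 0, []
    for calls in hourly_calls:
        window.append(calls)
        total += calls
        if len(window) > 24:
            total -= window.popleft()
        totals.append(total)
    return totals


def headroom_report(existing_hourly, daily_limit):
    """Check whether the sensor's load fits under the rolling 24-hour API limit.

    existing_hourly: calls per hour already made by other users and integrations.
    daily_limit: the tenant's 24-hour API request limit (assumed input).
    Reaching the limit is treated as not fitting, to stay on the safe side.
    """
    peak_existing = max(rolling_24h_totals(existing_hourly))
    typical_totals = rolling_24h_totals(
        [calls + SENSOR_TYPICAL_PER_HOUR for calls in existing_hourly])
    worst_case = peak_existing + SENSOR_MAX_PER_DAY
    return {
        "peak_existing": peak_existing,
        "peak_with_typical_sensor": max(typical_totals),
        "peak_with_worst_case_sensor": worst_case,
        "fits_typical": max(typical_totals) < daily_limit,
        "fits_worst_case": worst_case < daily_limit,
        "hours_over_limit_typical":
            [i for i, t in enumerate(typical_totals) if t >= daily_limit],
    }


# Constructed sample: 48 hours of existing usage with a daytime load and a batch job.
SAMPLE_HOURLY = ([200] * 8 + [3000] * 10 + [9000] * 2 + [200] * 4) * 2
SAMPLE_LIMIT = 60_000  # constructed limit for illustration

if __name__ == "__main__":
    for key, value in headroom_report(SAMPLE_HOURLY, SAMPLE_LIMIT).items():
        print(f"{key}: {value}")
```

With the constructed figures, the typical sensor load fits under the limit but the stated 10,000-call ceiling does not, which is the case to resolve before onboarding a tenant that shares its limit with other integrations.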

Requirements

Before you begin

Steps

  1. Create or select a Salesforce profile.
  2. Create a new user for log collection.
  3. Create a security token for the user.
  4. Provide your Salesforce cloud credentials to Arctic Wolf.

Step 1: Create or select a Salesforce profile

Note: Arctic Wolf strongly recommends that you create a new Salesforce profile and user for log collection and forwarding to the Arctic Wolf Sensor. Having a dedicated user limits the permissions that the Arctic Wolf Sensor requires and allows for better visibility over Arctic Wolf Sensor activities.

Do one of these options:

Step 2: Create a new user for log collection

Note: Arctic Wolf strongly recommends that you create a new Salesforce profile and user for log collection and forwarding to the Arctic Wolf Sensor. Having a dedicated user limits access to the permissions that the Arctic Wolf Sensor requires and allows for better visibility over Arctic Wolf Sensor activities.

If you want to create a new user for log collection:

  1. Sign in to Salesforce with administrator permissions.
  2. Click Setup > Manage Users > Users.
  3. Click New User, and then configure these settings:
    • First Name and Last Name — Enter a name for the service user.

      The Alias field automatically populates.

    • Email — Enter the email associated with the user.

    • Nickname — Enter a nickname for the user. For example, Arctic Wolf log collection.

    • Role — If you want to assign a specific role, select that role. If not, select .

    • User License — Select Salesforce.

    • Profile — Select the profile created in Create a new Salesforce profile.

    • Configure the remaining required fields.

    • Generate new password and notify user immediately — Select the checkbox.

      A verification email is sent to the address of the new user with the subject Welcome to Salesforce: Verify your account.

  4. Click Save.
  5. Sign out of Salesforce.
  6. Complete the steps in the verification email sent to the new user.
  7. Click Verify.

Step 3: Create a security token for the user

Note: Make sure that no other services use the existing security token for an existing user because creating a new security token invalidates previous tokens.

If you created a new user or profile or you do not have access to the existing security token for the existing user, create a new security token:

  1. Sign in to Salesforce as the user you want to use for log collection.

  2. Click Settings > Personal > Reset My Security Token.

  3. Select Reset Security Token.

    The new security token is sent to the email address of the user.

  4. Copy the token from the email, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

Step 4: Provide your Salesforce cloud credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Detection and Response.

  5. Configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.

    • Username — Enter the username for your user.

    • Password — Enter the password for your user.

    • Security Token — Enter the security token from Create a security token for the user.

    • Salesforce Authentication Domain — If your credentials are for a Salesforce Sandbox environment, select test. Otherwise, select login.

      For more information about Salesforce Sandboxes, see Salesforce documentation.

    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.

  6. Click Test and submit credentials.