QRadar XDR

  • 1.  Salesforce Integration

    Posted Thu September 26, 2019 10:32 AM
    Edited by Amir Perlson Thu September 26, 2019 11:42 AM
    Does anyone have experience successfully integrating Salesforce with QRadar? I followed the IBM docs (with a few tweaks) and I am successfully receiving authentication logs - so seems the connection is fine. But I get constant error messages saying that the Salesforce API gives no data concerning any other log types, for example:

    Received null response from Salesforce REST API for 'Setup Audit Trail' query!

    I am also regularly receiving the following error.

    Response from query attempt was not 200, response: 400: Bad Request

    Note: The client has not sent me their Salesforce certificate yet, so I have not yet installed the certificate in the folder on our console - could this be the issue? Since the authentication logs are being received, I figured that it is not necessary.

    Amir Perlson

  • 2.  RE: Salesforce Integration

    Posted Thu October 10, 2019 01:24 PM
    Edited by Chris Collins Thu October 10, 2019 01:24 PM
    So if you're getting this back 

    Response from query attempt was not 200, response: 400: Bad Request

    That's why the response is null, so we'd need to troubleshoot why that query is failing. 400 is a bad request so Salesforce API is saying our request is malformed. 

    Some quick digging says it may be timezone for time format related, but not 100%.

    I'd suggest getting debug logging enable for the Salesforce protocol so we can have a deeper look.

    On the managed host doing the connecting run: /opt/qradar/support/mod_log4j.pl

    Enable debugging for: com.q1labs.semsources.sources.salesforcerestapi

    And watch for additional errors. You can have a look in /var/log/qradar.java.debug for more detailed logging which may point to an issue.

    If you have problems with those steps or don't see anything I'd open a PMR so support can assist and engage other teams as needed.

    Chris Collins
    Team Lead / Senior Cloud Integrations Developer
    IBM QRadar Integration Team - New Integrations

  • 3.  RE: Salesforce Integration

    Posted Mon August 23, 2021 09:42 AM

    Salesforce integration basics

    The software tools your company uses not only serve different purposes but also work differently. They are written in different languages (Java, .NET, PHP) and have their specifics in data storage, business logic, visual presentation, and security.

    A Salesforce integration solution is a piece of software that establishes and manages communication between Salesforce CRM and other systems, using APIs to interpret messages that systems exchange. The choice of a Salesforce integration tool depends on the number of systems to integrate and their specifics, as well as the number of integration levels to cover.


    There are 4 integration levels: 2 basic ones (data and process integration) and 2 additional ones (security and user interface integration) that often accompany one of the basic levels.

    1. Data integration ensures that the integrated systems exchange information on demand and instantly. It helps achieve data consistency and increases team efficiency. Data integration should rest on proper information management techniques, such as master data management or data flow design. A data integration solution uses APIs (SOAP or REST) to deliver data from one system to another, as well as to update Salesforce objects, perform searches, maintain passwords, and more.  
    2. Process integration connects apps and systems at the workflow level to implement business processes end to end. Related integration scenarios will require a complex solution that can orchestrate interactions among systems, report on and manage process state.
    3. Security integration merges authentication mechanisms to achieve a better user experience and minimize administration.
    4. User interface (UI) integration combines the UIs of two or more systems. It gives users a single point of entry into multiple applications this way enhancing user experience.

    Having picked integration levels, now, straight ahead to integration tools review provided by Salesforce consulting partner ScienceSoft.

    Salesforce Connect

    Salesforce Course in Nagpur

    Salesforce Connect (Lightning Connect) is a framework that enables you to view, search and modify data stored outside of your Salesforce CRM, say, in an ERP system or in a collaboration system. Salesforce Connect treats external files (customer orders in ERP or marketing templates in SharePoint) as Salesforce external objects allowing you to find them in global search, add them to record feeds, and use them in all Salesforce apps (for example, link customer orders to the customer profile in CRM). All this happens without copying external records in Salesforce (no time lost on copying/downloading and sorting out file versions, no more payments for exceeded data limit!).

    Summing up the pros and cons:

    Salesforce Connect Pluses

    • It is a perfect solution if you need to integrate several Salesforce instances.
    • You can integrate Salesforce with a wide variety of systems, including ERP, CRM, and marketing automation software.
    • Salesforce Connect provides both on-demand and real-time connections to external data sources.
    • You can manage a large data amount without copying it to Salesforce.
    • Point and click UI reduces configuration effort.
    • You can see data stored both inside and outside Salesforce on a single CRM page.
    • No coding on the Salesforce side is required.
    • Salesforce Connect is available in both Salesforce Classic and Lightning Experience.

    Salesforce Connect Minuses

    • Systems to integrate must have integration points for Open Data Protocol. As Open Data Protocol is a standardized one, most incumbent software systems support it (if you have a custom one, check that it does too).
    • To connect Salesforce to systems that don't use Open Data Protocol, you'll need to develop a custom adapter with the Apex Connector Framework (requires development experience).
    • The solution is focused only on the Salesforce side of the integration.
    • By default, external object records are read-only (you can't change them) and require configuration to become editable.
    • Salesforce Connect is available for an extra cost in Enterprise, Performance, and Unlimited Editions. Lightning Connect is priced per data source and subscription pricing starts at $4,000 per month.

    swapna gupta