Azure
Salesforce-asim-authentication parser
Required items, please complete
Change(s):
- Added asim authentication parser for Salesforce
Reason for Change(s):
- Salesforce content enrichment
Version Updated:
- NA
Testing Completed:
- yes
Checked that the validations are passing and have addressed any issues that are present:
- NA
Guidance <- remove section before submitting
Hi @rushriva: to help me review -
- Where are the sample logs located?
- Did you run the ASIM testers? If so, can you share the restults?
Hi @rushriva: to help me review -
- Where are the sample logs located?
- Did you run the ASIM testers? If so, can you share the restults?
@oshezaf - Please find response in-line
- Sample logs - I will mail you workspace with sample logs in separate mail
- ASIM tester output - attached in this comment. ASimtester-output-SalesforceSC.csv
First, while there are many comments... You did a very good job. Don't let the many comments here deter you.
As to the comments:
You need to create the vim parser as well. Can be a second step after this one is finished.
Did you add sample data based on the workspace to either the public repository or the private one (Prateek can help with the datails)?
You probably did not run the data tester.
I noticed that you added the project statement after testing, which is good. Notice a missing field (see later).
I need to update testing. There are fields that need setting and are not flagged. Will do it ASAP. It might lead to additional notes.
Additional mappings
- api_version_s -> EventProductVersion
- organization_id_s -> TargetUserScope (this is a very new additional to the schema, needed for UEBA)
- cipher_suite_s -> TlsCipher (not yet defined, but seems useful, will be added)
- tls_protocol_s -> TlsVersion (not yet defined, but seems useful, will be added)
- Do you know what login_key_s is?
@oshezaf - I will create vim parser once asim parser is approved with changes.
I have executed data tester, following fields need to be added -
EventProduct - Salesforce Service Cloud
TargetUserIdType - SalesforceId
ASIM parsers have been changed. ARM templates were regenerated from the updated KQL function YAML files. To find the new ARM templates, pull your branch.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
@rushriva please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.
@microsoft-github-policy-service agree [company="{your company}"]Options:
- (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.
@microsoft-github-policy-service agree
- (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.
@microsoft-github-policy-service agree company="Microsoft"Contributor License Agreement
@microsoft-github-policy-service agree [company="Microsoft"]
@rushriva please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.
@microsoft-github-policy-service agree [company="{your company}"]Options:
- (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.
@microsoft-github-policy-service agree
- (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.
@microsoft-github-policy-service agree company="Microsoft"Contributor License Agreement
@microsoft-github-policy-service agree company="Microsoft"
@rushriva please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.
@microsoft-github-policy-service agree [company="{your company}"]Options:
- (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.
@microsoft-github-policy-service agree
- (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.
@microsoft-github-policy-service agree company="Microsoft"Contributor License Agreement
@microsoft-github-policy-service agree [company="Microsoft"]
@microsoft-github-policy-service agree
@microsoft-github-policy-service agree company="Microsoft"
Hi @vakohl, This branch has conflicts. Could you please check and resolve it. Thanks!
