topic Re: Salesforce Security Use case in Splunk Cloud Platform

Salesforce Security Use case

tv00638481 — Fri, 17 Nov 2023 07:42:11 GMT

Hi,

I'm looking Security Use case on Salesforce application. Request to suggest if any please.

Regards

Re: Salesforce Security Use case

inventsekar — Fri, 17 Nov 2023 10:05:14 GMT

Hi @tv00638481

Please check these things...

https://lantern.splunk.com/Data_Descriptors/Salesforce#:~:text=Salesforce%20data%20can%20be%20used,and%20for%20data%20loss%20prevention.

This is from Splunk Employee gschatz ....For an example of a SBF use case, see how the Otto group reduces system complexity with Splunk Business Flow. https://www.splunk.com/en_us/customers/success-stories/sbf-otto-group.html

https://community.splunk.com/t5/All-Apps-and-Add-ons/Anyone-Using-Splunk-App-for-Salesforce-Use-Cases/m-p/476521

Splunk App for Salesforce - will be helpful for data onboarding and dashboards.

https://splunkbase.splunk.com/app/1931/

https://www.splunk.com/en_us/blog/partners/monitor-salesforce-s-real-time-events-with-splunk.html

https://lantern.splunk.com/Splunk_Platform/UCE/Security/Threat_Hunting/Protecting_a_Salesforce_cloud_deployment

Re: Salesforce Security Use case

tv00638481 — Fri, 17 Nov 2023 10:36:27 GMT

Thank you, sir, for the inputs share. Will come back if something needed.

Re: Salesforce Security Use case

tv00638481 — Tue, 06 Feb 2024 11:53:55 GMT

I'm trying understand the below query to implement. what would be the expected result .

Any idea about this query.

https://lantern.splunk.com/Splunk_Platform/UCE/Security/Threat_Hunting/Protecting_a_Salesforce_cloud...

ROWS_PROCESSED>0 EVENT_TYPE=API OR EVENT_TYPE=BulkAPI OR EVENT_TYPE=RestAPI
|lookup lookup_sfdc_usernames USER_ID
|bucket _time span=1d 
|stats sum(ROWS_PROCESSED) AS rows BY _time Username
|stats count AS num_data_samples max(eval(if(_time >= relative_time(maxtime, "-1d@d"), 'rows',null))) AS rows avg(eval(if(_time<relative_time(maxtime,"-1d@d"),'rows',null))) AS avg stdev(eval(if(_time<relative_time(maxtime,"-1d@d"),'rows',null))) AS stdev BY Username
|eval lowerBound=(avg-stdev*2), upperBound=(avg+stdev*2)
|where 'rows' > upperBound AND num_data_samples >=7

Re: Salesforce Security Use case

inventsekar — Thu, 08 Feb 2024 23:22:42 GMT

on that same link, they have given a good search explanation. may i know if you read it.. may i know what confusion you have after reading that, thanks.