BlueApp for Salesforce

Automate creation of Salesforce cases for USM Anywhere investigations.

  • Salesforce
  • Ticketing
  • Response

See All BlueApps + Plug-ins >
BlueApps extend USM Anywhere’s threat detection and orchestration capabilities to other security tools at no additional cost.
Learn more ›

The BlueApp for Salesforce provides visibility into important Salesforce security-related events with a dashboard, and streamlines incident response activities by automatically opening Salesforce cases in response to threats detected by USM Anywhere.

Salesforce Screenshot


The dashboard includes a consolidated view of important security events and trends, enabling the SOC operator to quickly spot unusual activities.

  • Login Attempts, failed logins by user, and Failed login reasons visualize potential access violations
  • Top Reports by Size quickly reveals unusual data downloads of Salesforce data
  • Login Activity reveals login trends over time, revealing spikes and other problems

Response actions

Cases can be opened automatically based on a correlation rule, or manually by the SOC analyst working a case. USM Anywhere generates the Salesforce case and populates the Salesforce case fields with details from USM Anywhere. For example:

  • Create a Salesforce automatic Response rule using a source or destination address seen in an event, alarm, or vulnerability from the user interface
  • Create a Salesforce case with the short description and description fields pre-populated
  • Trigger an action to create a new case and specify the incident information from the following fields: Type of Request, Case Reason, subject, priority, status

Why you’ll love the BlueApp for Salesforce

Reduce time to detection and remediation

  • Automate remediation and policy enforcement between USM Anywhere and Salesforce for rapid response
  • Virtually eliminate friction in the incident response process, accelerating the time to respond to threats
  • Enhance threat visibility and help reduce mean time to detection and response

Save time and money

  • Enable focus on threat response and not writing complex security analytics rules
  • Simple, form-based integration helps accelerate time to productivity, rather than spending time on complicated cross-product integration.
Get price Free trial