AlienVault® USM Anywhere™

Configuring the Salesforce App

Role Availability Read-Only Analyst Manager

To use the Salesforce App in USM Anywhere, you first need to log in to Salesforce to create the connected app and obtain the appropriate credentials. Because the account used to create the app will be responsible for creating all the Salesforce cases and will potentially be used by multiple users, it is recommenced that you create a separate, dedicated "service account" user. This user should have only enough permissions to allow the user to create cases. Do not reuse an admin account. Multiple accounts or accounts on different sensors may result in duplicated cases or cause confusion.

Important: Because of the way the Salesforce API implements event log processing, events can take at least 3–6 hours to be processed, potentially more. Because of this, there may be latency in the creation of cases.

To create the connected app in Salesforce

  1. Log into Salesforce with your username and password.
  2. Go to the Settings Console by clicking the Settings icon.

  3. In the Platform Tools menu on the left, go to Apps > App Manager.
  4. Click the New Connected App button at the top of the Lightning Experience App Manager header.

    The New Connected App modal displays below.

  5. Fill out the required Basic Information fields:

    • Connected App Name
    • API Name
    • Contact Email
  6. In the API (Enable OAuth Settings) section, click the Enable OAuth Settings checkbox.

    The section expands with further options

  7. Click the Enable for Device Flow checkbox.

    The Callback URL field automatically populates the link.

  8. In the Available OAuth Scopes section, select the following options and click Add for each:

    • Access and manage your data (api)
    • Perform requests on your behalf at any time (refresh_token, offline_access)
  9. Click the Require Secret for Web Server Flow checkbox.
  10. Click Save to complete the app creation process and then click Continue.

The app's page displays and is now included in the Collected Apps section of your Salesforce Apps page. The new app page contains the Consumer ID and Consumer Secret in the API section of the page. You will need these to connect the app in USM Anywhere.

Connecting the Salesforce App in USM Anywhere

After you obtain the OAuth, you must configure the connection within USM Anywhere.

To enable the AlienApp for Salesforce

  1. In USM Anywhere, go to Data Sources > Integrations.
  2. Click the AlienApps tab.

    Available Apps tab

  3. On the AlienApps page, click the Salesforce tile.

  4. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.

    AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor.

  5. Click the Settings tab.
  6. In the Service Client ID field, enter the Client ID, Client Secret, Username, and Password for the Salesforce app you created.
  7. Click Save Credentials.