The customer is a leading SIEM solution provider.
They provide a platform for companies to aggregate and act upon threat intelligence.
The customer asked for a Connector app that integrates their platform with Salesforce Event Monitoring, collects events, and performs an orchestration action that creates a case based on a security alert.
Sacumen developed the Connector app to integrate with Salesforce using Java and Apache REST. The Connector app performs the following actions:
Set up the prerequisites
Set up a Salesforce Developer login
or Connected App credentials.
Authenticate through the REST API with OAuth 2.0; the access token is a session ID and can be used directly.
Collect the events
Collect events based on filters such as event type and event creation date.
Calculate the estimated EPS (events per second).
Calculate bandwidth consumption.
Calculate the error rate.
If the EPS goes beyond the limit, throttle the extra events to maintain the performance of the app.
Perform orchestration actions such as creating cases in Salesforce.
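
The EPS estimate, the bandwidth and error-rate figures, and the throttling step listed above can be sketched as follows. This is an added example in Java, not Sacumen's connector code; the class and method names, the limit of 5 EPS, the error-rate definition (failed API calls over all API calls) and the sample events are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayDeque;
import java.util.Deque;

// Added example, not the connector's code. Class, method names and the limit are hypothetical.
class EpsThrottleDemo {
    private final int maxEps;                       // assumed cap; the page gives no figure
    private final Deque<String> backlog = new ArrayDeque<>();
    private long windowStart = -1, sentInWindow = 0;
    private long firstSeen = -1, events = 0, bytes = 0, calls = 0, failedCalls = 0;

    EpsThrottleDemo(int maxEps) { this.maxEps = maxEps; }

    // Every collected event is counted and queued; extra events wait, none are dropped.
    void offer(String event, long nowMs) {
        if (firstSeen < 0) firstSeen = nowMs;
        events++;
        bytes += event.getBytes(StandardCharsets.UTF_8).length;
        backlog.addLast(event);
    }

    // Returns the next event to forward, or null when this second's budget is spent.
    String poll(long nowMs) {
        if (windowStart < 0 || nowMs - windowStart >= 1000) { windowStart = nowMs; sentInWindow = 0; }
        if (backlog.isEmpty() || sentInWindow >= maxEps) return null;
        sentInWindow++;
        return backlog.pollFirst();
    }

    void recordCall(boolean ok) { calls++; if (!ok) failedCalls++; }

    private double elapsedSec(long nowMs) { return Math.max(1000, nowMs - firstSeen) / 1000.0; }
    double estimatedEps(long nowMs) { return events / elapsedSec(nowMs); }
    double bytesPerSec(long nowMs) { return bytes / elapsedSec(nowMs); }
    // Assumption: error rate = failed API calls / all API calls.
    double errorRate() { return calls == 0 ? 0.0 : (double) failedCalls / calls; }

    public static void main(String[] args) {
        EpsThrottleDemo t = new EpsThrottleDemo(5);
        int[] arrivals = {4, 12, 3, 0, 0};          // constructed input: burst in second 1
        for (int s = 0; s < arrivals.length; s++) {
            long now = s * 1000L;
            for (int i = 0; i < arrivals[s]; i++)
                t.offer("{\"EventType\":\"Login\",\"seq\":" + i + "}", now);
            t.recordCall(s != 2);                   // constructed: one failed collection call
            int sent = 0;
            while (t.poll(now) != null) sent++;
            System.out.printf("t=%ds arrived=%d forwarded=%d backlog=%d%n",
                    s, arrivals[s], sent, t.backlog.size());
        }
        System.out.printf("eps=%.2f bytes/s=%.1f errorRate=%.2f%n",
                t.estimatedEps(5000), t.bytesPerSec(5000), t.errorRate());
    }
}
```

Because the extra events are queued and not discarded, the backlog drains in the quiet seconds after the burst and no security event is lost to the throttle.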