Accenture MDR Quick Start Guide for Salesforce Shield

This quick start guide will help Accenture MDR customers configure Salesforce Shield to allow log collection from the Log Collection Platform (LCP).

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx), which can be found in the Accenture MDR Portal.

Port Requirements

Table 1-1: Port requirements for LCP communication.

| Source | Destination | Port | Description |
|---|---|---|---|
| LCP | Salesforce Shield | TCP / 443 | Default port and protocol |

Configuring Salesforce Shield

Note: The following steps must be performed by a system administrator.

  • Enabling Logs for Streaming

1. Go to your Salesforce console instance (https://<Instance_Name>.my.salesforce.com) and make sure you are in the new Lightning portal.

2. Click the setup icon at the top right and then select Setup from the options.

3. Search for Event Manager in the quick find tab on the left sidebar.

4. Open Event Manager from the results.

5. On the right side, enable Streaming and Storage for every event type that offers them by clicking the drop-down icon at the end of each event type.

 

  • Creating a connected App

1. In the quick find tab, search for App Manager and open it.

2. Click New Connected App on the right side of the Lightning Experience App Manager.

3. On the next page:
     • Provide the name as MxDR APP (the API Name auto-populates once clicked) and provide a valid email address.
     • Select Enable OAuth Settings and Enable for Device Flow (the Callback URL is auto-populated).
     • Select the "Perform requests at any time (refresh_token, offline_access)" and "Manage user data via APIs (api)" scopes from Available OAuth Scopes and move them to Selected OAuth Scopes.

4. Keep everything else as it is and click Save.

5. On the next screen, click Continue.

6. On this screen, click the copy icon next to Consumer Key and provide the key to MxDR. Also click the "Click to reveal" text next to Consumer Secret, copy the displayed secret, and provide it to the MxDR team.

 

  • Permission Set Creation

Prerequisite: The Permission set View is already created. The steps below only cover creating a new permission set.

1. Search for Users in the Quick Find tab, and select Permission Sets under the Users section.

2. Click the New button to create a new permission set. Provide the Label as mxdr permission (the API Name is auto-populated). Select License as Salesforce.

3. Click Save.

4. On the next screen, click System Permissions under the System section.

5. On the next screen, click Edit and select the following permissions:
     • View Event Log Files
     • View Login Forensics Events
     • View Real-Time Event Monitoring Data
     • View Threat Detection Events
     • [optional] Customize Application (required for Logout Events only)

6. Click Save, and then Save again in the popup.

 

  • User Creation

1. Search for Users in the Quick Find tab, and select Users under the Users section.

2. Click New User.
     • Fill in the mandatory fields: Last Name as mxdr_user, Alias, a valid email (this is required to receive the password and token), Username (fill in if not auto-populated), and Nickname (auto-populated).
     • Select User License as Salesforce and Profile as Standard User.
     • Keep everything else as it is.

3. Click Save. An email will be sent to the address entered for this user. Use it to set a password for this user, and share both the username and password with the MxDR team.

4. On the next screen, hover the mouse over Permission Set Assignments, and in the popup click Edit Assignments.

5. On the next screen, select the previously created “mxdr permission” permission set from Available Permission Sets and move it to Enabled Permission Sets.

6. Click Save.

7. Go back to the Users menu and click Login next to the previously created mxdr_user. This opens a new tab.
Note: If the Login As option is not allowed for administrators, log in as the previously created user and follow the steps below.

8. Click the user icon at the top right and then click Settings.

9. Search for reset in the quick find tab, click Reset My Security Token, and in the right pane click Reset Security Token.

10. The token will be sent to the email address linked to this user. Check the email and provide the token to the MxDR team.

 

LCP Configuration parameters

Table 1-2: Salesforce Shield Event Collector (5030 – API) properties to be configured by MDR.

| Property | Default Value | Description |
|---|---|---|
| URL | | [Optional] Populate if leaving it empty does not work. URL of the customer’s Salesforce instance, e.g. https://<Organisation>.my.salesforce.com |
| User Name | | Username of the new user created in the log configuration steps. |
| Password | | Password created for the new user. |
| Client ID | | Consumer Key obtained from the new application created above. |
| Client Secret | | Consumer Secret obtained when the new application was created above. |
| Security Token | | Token received in the new user’s email. |
| Customer Name | | Simple name to identify the customer; also used to identify the origin. |
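
A pre-flight check for the values in Table 1-2, added here as an example; it is not part of the Accenture guide or the LCP collector. It assumes the collector authenticates with the Salesforce OAuth 2.0 username-password flow and that an empty URL means login.salesforce.com; the function names and sample values are illustrative.

```python
import json
from urllib.parse import urlencode, urlsplit
from urllib.request import Request, urlopen

# Assumption: when the URL property is left empty, the shared login host is used.
DEFAULT_LOGIN_URL = "https://login.salesforce.com"
REQUIRED = ("User Name", "Password", "Client ID", "Client Secret", "Security Token")

def build_token_request(props):
    """Validate Table 1-2 values and return (token_url, form_body)."""
    missing = [k for k in REQUIRED if not props.get(k, "").strip()]
    if missing:
        raise ValueError("missing properties: " + ", ".join(missing))
    parts = urlsplit(props.get("URL", "").strip() or DEFAULT_LOGIN_URL)
    host = parts.hostname or ""
    if parts.scheme != "https" or parts.port not in (None, 443):
        raise ValueError("URL must use https on TCP/443 (Table 1-1)")
    if "<" in host or not host.endswith(".salesforce.com"):
        raise ValueError("URL is not a filled-in salesforce.com host: " + host)
    form = {
        "grant_type": "password",
        "client_id": props["Client ID"],          # Consumer Key
        "client_secret": props["Client Secret"],  # Consumer Secret
        "username": props["User Name"],
        # In this flow the security token is appended to the password.
        "password": props["Password"] + props["Security Token"],
    }
    return "https://" + host + "/services/oauth2/token", urlencode(form)

def check_login(props, timeout=10):
    """Send the token request; return the instance URL on success (needs network)."""
    url, body = build_token_request(props)
    with urlopen(Request(url, data=body.encode()), timeout=timeout) as resp:
        return json.load(resp)["instance_url"]

# Constructed sample values, not real credentials.
SAMPLE = {
    "URL": "https://example-org.my.salesforce.com",
    "User Name": "mxdr_user@example.invalid",
    "Password": "example-password",
    "Client ID": "EXAMPLE_CONSUMER_KEY",
    "Client Secret": "EXAMPLE_CONSUMER_SECRET",
    "Security Token": "EXAMPLETOKEN",
}

if __name__ == "__main__":
    print(build_token_request(SAMPLE)[0])  # print the URL only, never the secrets
```

`check_login` is the only function that touches the network; run it from the LCP host so the check also exercises the TCP/443 path in Table 1-1.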

 

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.