How do I resolve the error "did not pass configuration check" when onboarding Salesforce logs to Panther?

Last updated
Save as PDF

ISSUE

Why am I getting one of the following errors when trying to onboard staging tenant Salesforce logs using Panther's native integration?

Source CB Cloud Staging test did not pass configuration check because: eventMonitoring: authentication failed with HTTP status code 500: unable to authenticate [INVALID_LOGIN: Invalid username, password, security token; or user locked out.]

Source Salesforce did not pass configuration check because: SOQL file list request failed with API error code INVALID_FIELD: EventType, LogDate, CreatedDate, Sequence, Interval From EventLogFile ...

RESOLUTION

Make sure you are onboarding Salesforce production tenant logs.

For INVALID_LOGIN errors: in order to onboard different kinds of Salesforce environments such as Sandboxes, you can proceed manually by uploading your Salesforce logs to an S3 bucket in Panther's supported format, creating a custom schema, and then ingesting your logs using your custom schema.

For INVALID_FIELD errors: edit the log source in Panther, and change the pull frequency from Hourly to Daily.

CAUSE

For INVALID_LOGIN errors: this can occur if you attempt to ingest staging logs from Salesforce. Panther's native integration currently supports only Salesforce production environments.

For INVALID_FIELD errors: this can occur when the Salesforce instance isn't properly configured for hourly log pulling.