Why am I getting one of the following errors when trying to onboard staging tenant Salesforce logs using Panther's native integration?
Source CB Cloud Staging test did not pass configuration check because: eventMonitoring: authentication failed with HTTP status code 500: unable to authenticate [INVALID_LOGIN: Invalid username, password, security token; or user locked out.]
Source Salesforce did not pass configuration check because: SOQL file list request failed with API error code INVALID_FIELD: EventType, LogDate, CreatedDate, Sequence, Interval From EventLogFile ...
Make sure you are onboarding Salesforce
production tenant logs.
For INVALID_LOGIN errors: in order to onboard different kinds of Salesforce environments such as Sandboxes, you can proceed manually by uploading your Salesforce logs to an S3 bucket in Panther's supported format, creating a custom schema, and then ingesting your logs using your custom schema.
For INVALID_FIELD errors: edit the log source in Panther, and change the pull frequency from Hourly to Daily.
For INVALID_LOGIN errors: this can occur if you attempt to ingest
staging logs from Salesforce. Panther's native integration currently supports only Salesforce
For INVALID_FIELD errors: this can occur when the Salesforce instance isn't properly configured for hourly log pulling.