Why am I getting one of the following errors when trying to onboard Salesforce logs to Panther?
Source CB Cloud Staging test did not pass configuration check because: eventMonitoring: authentication failed with HTTP status code 500: unable to authenticate [INVALID_LOGIN: Invalid username, password, security token; or user locked out.]
or
Source Salesforce did not pass configuration check because: SOQL file list request failed with API error code INVALID_FIELD: EventType, LogDate, CreatedDate, Sequence, Interval From EventLogFile ...
or
Source Salesforce did not pass configuration check because: eventMonitoring: SOAP API login HTTP request failed...
Make sure you are onboarding Salesforce production or Sandbox tenant logs. Staging logs are not supported.
For INVALID_LOGIN errors: to onboard different kinds of Salesforce environments, such as Sandboxes, you can proceed manually: upload your Salesforce logs to an S3 bucket in Panther's supported format, create a custom schema, and then ingest your logs using that custom schema.
For INVALID_FIELD or API failed errors: edit the log source in Panther, and change the pull frequency from Hourly to Daily.
For INVALID_LOGIN errors: this can occur if you attempt to ingest staging logs from Salesforce.
For INVALID_FIELD errors: this can occur when the Salesforce instance isn't properly configured for hourly log pulling.