Learn more about the Salesforce data source and collector in Cortex XDR.
Cortex XDR provides two methods for connecting to your Salesforce instance. Your choice depends on whether you want to ingest security event logs for monitoring, or use the guided wizard setup for integrated services.
For event monitoring: Use the standard collector to stream security logs and audit trails into XSIAM datasets for continuous investigation.
For integrated CRM & Security Services: Use the data source wizard to provision integrations for automation, remediation, identity management, and security posture in a single workflow.
The following table compares the Salesforce data sources based on the specific data they ingest and their functional roles.
Salesforce vendor | Description | Note |
|---|---|---|
Standard Collector | Forward collected Audit Trail and Security Monitoring event logs from Salesforce to Cortex XDR using the Salesforce data source. Ingests Audit Trail and Security Monitoring event logs, including:
For more information, see Ingest logs and data from Salesforce. | Use the standard collector when your goal is strictly to ingest security and event logs continuously for search and correlation. The standard collector is not a Marketplace integration and is not covered currently by the data source wizard. |
Data Source Wizard | Ingests data using the Salesforce content pack to provide full CRM services for identity, automation, remediation, and security posture. Includes the following integrations:
For more information, see Ingest and run Salesforce automation and remediation. | The wizard automatically selects and provisions the correct underlying integration based on the specific functional capabilities you choose. |