John Devine 14
get SIEM data and events in real time?
Is there a way to get SIEM events and data in real time from the REST API? Which endpoints might I want to make use of? What sort of queries would I use? I tried to query EventLogFile but it says it is not supported.
A client app can subscribe to these streams by implementing a long polling technique/CometD protocol, in Python if you like. Searching the internet, there appears to be a Python library which may expedite this for you; more info here: https://salesforce.stackexchange.com/questions/219239/how-to-publish-platform-event-from-aiosfstream-python-library
The REST SELECT statement you mentioned in the comments refers specifically to retrieving the daily/hourly logs.
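An added example, not from this thread or from any Salesforce library, showing the Bayeux/CometD message flow the answer refers to (handshake, subscribe with the replay extension, long-poll connect) and how a SIEM collector would keep the last replayId so a reconnect does not drop events. The HTTP transport and the OAuth bearer token are left out, and the sample replies are constructed.

```python
import json

REPLAY_NEW_ONLY = -1  # Salesforce replay option: only events published from now on

class EventStreamSession:
    """Builds Bayeux messages and tracks clientId plus the last replayId per channel."""

    def __init__(self, channels):
        self.client_id = None
        # Start at -1; once events arrive, the stored replayId lets a reconnecting
        # client resume without dropping or duplicating events (24h retention window).
        self.replay = {ch: REPLAY_NEW_ONLY for ch in channels}

    def handshake_message(self):
        return [{"channel": "/meta/handshake", "version": "1.0",
                 "supportedConnectionTypes": ["long-polling"]}]

    def subscribe_messages(self):
        # One /meta/subscribe per channel, each carrying the replay extension.
        return [{"channel": "/meta/subscribe", "clientId": self.client_id,
                 "subscription": ch, "ext": {"replay": {ch: rid}}}
                for ch, rid in self.replay.items()]

    def connect_message(self):
        # Sent repeatedly; the server holds it open (long polling) until events arrive.
        return [{"channel": "/meta/connect", "clientId": self.client_id,
                 "connectionType": "long-polling"}]

    def handle_response(self, body):
        """Consume one Bayeux response array; return (channel, payload) per event."""
        events = []
        for msg in json.loads(body):
            ch = msg.get("channel", "")
            if ch == "/meta/handshake" and msg.get("successful"):
                self.client_id = msg["clientId"]
            elif ch.startswith("/meta/") and not msg.get("successful", True):
                raise RuntimeError(f"{ch} failed: {msg.get('error')}")
            elif ch in self.replay:
                data = msg["data"]
                self.replay[ch] = data["event"]["replayId"]  # advance the cursor
                events.append((ch, data["payload"]))
        return events

# Constructed sample replies shaped like Salesforce's Bayeux responses (not real data).
HANDSHAKE_REPLY = '[{"channel": "/meta/handshake", "successful": true, "clientId": "abc123"}]'
CONNECT_REPLY = json.dumps([
    {"channel": "/meta/connect", "successful": True},
    {"channel": "/event/LoginEventStream",
     "data": {"event": {"replayId": 42},
              "payload": {"Username": "user@example.com", "Status": "Success",
                          "LoginType": "Remote Access 2.0", "SourceIp": "203.0.113.7"}}},
])
```

A real collector posts each message list to the org's `/cometd/<apiVersion>` endpoint with the session's bearer token and feeds the returned payloads to the SIEM.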
All Answers
Accessing EventLogFile object requires View Event Log Files and API Enabled user permissions. Users with View All Data permission can view event log files.
Review the link below for more information.
https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_objects_eventlogfile.htm
Hope the above information was helpful.
Please mark as Best Answer so that it can help others in the future.
Thanks,
Vinay Kumar
Thanks for your reply. I read this in the REST API developer guide about event monitoring:
"An event generates log data in real time. However, daily log files are generated during nonpeak hours the day after an event takes place. Therefore, daily log file data is unavailable for at least one day after an event. For hourly log files, depending on event delivery and final processing time, an event is expected to take three to six hours from the time of the event to be available in the log file. However, it can take longer."
This does not seem like real-time event monitoring. How can I view event data in real time?
Use the link below to access Event Monitoring log files.
https://salesforce-elf.herokuapp.com
https://success.salesforce.com/issues_view?id=a1p3A000001SHKTQA4&title=how-to-access-and-download-your-event-monitoring-log-files
Please mark as Best Answer if the above information was helpful so that it can help others in the future.
Thanks,
Vinay Kumar
You might need to reach out to your Account executive to purchase Event Monitoring.
Enable Event Monitoring
===================
https://help.salesforce.com/articleView?id=000339868&language=en_US&type=1&mode=1
API Enabled
==========
https://ebstalimited.zendesk.com/hc/en-us/articles/229295368-How-do-I-enable-API-access-in-Salesforce
Thanks,
Vinay Kumar
I found under Setup in Event Manager I have a list of subscription channels such as:
/event/ApiEventStream
/event/LoginEventStream
etc., each of type Event Monitoring. I have enabled each of them for streaming. I am trying to use a Python script to subscribe to these to receive real-time data. Any idea how I can do this?