3.0.7 - Updated CCF Data Connector polling config to use v65.0.

Solutions/Salesforce Service Cloud/Data Connectors/SalesforceSentinelConnector_CCP/SalesforceServiceCloud_DataConnectorDefinition.json

@@ -27,14 +27,18 @@
       "dataTypes": [
         {
           "name": "{{graphQueriesTableName}}",
-          "lastDataReceivedQuery": "{{graphQueriesTableName}}\n|summarize Time = max  (TimeGenerated)\n|where isnotempty(Time)"
+          "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
         }
       ],
       "connectivityCriteria": [
         {
           "type": "HasDataConnectors"
         }
       ],
+      "availability": {
+        "isPreview": false,
+        "status": 1
+      },
       "permissions": {
         "resourceProvider": [
           {
@@ -45,7 +49,8 @@
             "requiredPermissions": {
               "write": true,
               "read": true,
-              "delete": true
+              "delete": true,
+              "action": false
             }
           }
         ],
@@ -58,7 +63,8 @@
       },
       "instructionSteps": [
         {
-          "description": "Follow [Create a Connected App in Salesforce for OAuth](https://help.salesforce.com/s/articleView?id=platform.ev_relay_create_connected_app.htm&type=5) and [Configure a Connected App for the OAuth 2.0 Client Credentials Flow](https://help.salesforce.com/s/articleView?id=xcloud.connected_app_client_credentials_setup.htm&type=5) to create a Connected App with access to the Salesforce Service Cloud API. Through those instructions, you should get the Consumer Key and Consumer Secret.\n For Salesforce Domain name, Go to Setup, type My Domain in the Quick Find box, and select My Domain to view your domain details. Make sure to enter the domain name without a trailing slash (e.g., https://your-domain.my.salesforce.com). Fill the form bellow with that information.",
+          "title": "Connect to Salesforce Service Cloud API to start collecting event logs in Microsoft Sentinel",
+          "description": "Follow [Create a Connected App in Salesforce for OAuth](https://help.salesforce.com/s/articleView?id=platform.ev_relay_create_connected_app.htm&type=5) and [Configure a Connected App for the OAuth 2.0 Client Credentials Flow](https://help.salesforce.com/s/articleView?id=xcloud.connected_app_client_credentials_setup.htm&type=5) to create a Connected App with access to the Salesforce Service Cloud API. Through those instructions, you should get the Consumer Key and Consumer Secret.\n For Salesforce Domain name, Go to Setup, type My Domain in the Quick Find box, and select My Domain to view your domain details. Make sure to enter the domain name without a trailing slash (e.g., https://your-domain.my.salesforce.com). Fill the form below with that information.",
           "instructions": [
             {
               "type": "Textbox",
@@ -77,9 +83,6 @@
               "parameters": {
                 "label": "Log Collection Interval",
                 "name": "queryType",
-                "required": true,
-                "type": "text",
-                "placeholder": "Select a Interval type",
                 "options": [
                   {
                     "key": "SELECT Id,EventType,LogDate,Interval,CreatedDate,LogFile,LogFileLength FROM EventLogFile WHERE Interval='Hourly' and CreatedDate>{_QueryWindowStartTime} and CreatedDate<{_QueryWindowEndTime}",
@@ -89,7 +92,10 @@
                     "key": "SELECT Id,EventType,LogDate,CreatedDate,LogFile,LogFileLength FROM EventLogFile WHERE CreatedDate>{_QueryWindowStartTime} and CreatedDate<{_QueryWindowEndTime}",
                     "text": "Daily"
                   }
-                ]
+                ],
+                "placeholder": "Select an interval type",
+                "isMultiSelect": false,
+                "required": true
               }
             },
             {
@@ -103,8 +109,7 @@
                 "disconnectButtonLabel": "Disconnect"
               }
             }
-          ],
-          "title": "Connect to Salesforce Service Cloud API to start collecting event logs in Microsoft Sentinel"
+          ]
         }
       ]
     }

Solutions/Salesforce Service Cloud/Data Connectors/SalesforceSentinelConnector_CCP/SalesforceServiceCloud_PollingConfig.json

@@ -1,84 +1,86 @@
-[
-  {
-    "name": "SalesforceServiceCloudPolling",
-    "apiVersion": "2022-12-01-preview",
-    "type": "Microsoft.SecurityInsights/dataConnectors",
-    "location": "{{location}}",
-    "kind": "RestApiPoller",
-    "properties": {
-      "connectorDefinitionName": "SalesforceServiceCloudCCPDefinition",
-      "dataType": "SalesforceServiceCloudV2_CL",
-      "dcrConfig": {
-        "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
-        "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}",
-        "streamName": "Custom-SalesforceServiceCloudV2_CL"
+{
+  "type": "Microsoft.SecurityInsights/dataConnectors",
+  "apiVersion": "2024-09-01",
+  "name": "SalesforceServiceCloudPolling",
+  "location": "[[parameters('location')]",
+  "kind": "RestApiPoller",
+  "properties": {
+    "auth": {
+      "type": "OAuth2",
+      "ClientId": "[[parameters('clientId')]",
+      "ClientSecret": "[[parameters('clientSecret')]",
+      "GrantType": "client_credentials",
+      "TokenEndpoint": "[[concat(parameters('salesforceDomainName'),'/services/oauth2/token')]",
+      "TokenEndpointHeaders": {
+        "Accept": "application/json",
+        "Content-Type": "application/x-www-form-urlencoded"
       },
-      "auth": {
-        "type": "OAuth2",
-        "ClientSecret": "{{clientSecret}}",
-        "ClientId": "{{clientId}}",
-        "TokenEndpoint": "{{salesforceDomainName}}/services/oauth2/token",
-        "tokenEndpointHeaders": {
-          "Accept": "application/json",
-          "Content-Type": "application/x-www-form-urlencoded"
-        },
-        "TokenEndpointQueryParameters": {},
-        "grantType": "client_credentials"
+      "TokenEndpointQueryParameters": {}
+    },
+    "request": {
+      "apiEndpoint": "[[concat(parameters('salesforceDomainName'),'/services/data/v65.0/query')]",
+      "httpMethod": "GET",
+      "rateLimitQPS": 10,
+      "queryWindowInMin": 10,
+      "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+      "retryCount": 3,
+      "timeoutInSeconds": 60,
+      "headers": {
+        "Accept": "application/json",
+        "User-Agent": "Scuba"
       },
-      "request": {
-        "apiEndpoint": "{{salesforceDomainName}}/services/data/v44.0/query",
-        "httpMethod": "GET",
-        "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-        "rateLimitQPS": 10,
-        "queryWindowInMin": 60,
-        "retryCount": 3,
-        "timeoutInSeconds": 60,
-        "headers": {
-          "Accept": "application/json",
-          "User-Agent": "Scuba"
-        },
-        "queryParameters": {
-          "q": "{{queryType}}[0]"
+      "queryParameters": {
+        "q": "[[parameters('queryType')[0]]"
+      }
+    },
+    "response": {
+      "eventsJsonPaths": [
+        "$.records"
+      ],
+      "format": "json"
+    },
+    "paging": {
+      "pagingType": "NextPageUrl",
+      "nextPageUrl": "[[parameters('salesforceDomainName')]",
+      "nextPageTokenJsonPath": "$.nextRecordsUrl",
+      "isNextPageTokenRelativeUrl": true
+    },
+    "stepInfo": {
+      "stepType": "Nested",
+      "nextSteps": [
+        {
+          "stepId": "fetchLogFileData",
+          "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project logFileUrl = res.LogFile"
         }
-      },
-      "response": {
-        "eventsJsonPaths": [ "$.records" ],
-        "format": "json"
-      },
-      "paging": {
-        "pagingType": "NextPageUrl",
-        "nextPageTokenJsonPath": "$.nextRecordsUrl",
-        "nextPageUrl": "{{salesforceDomainName}}",
-        "isNextPageTokenRelativeUrl": true
-      },
-      "stepInfo": {
-        "stepType": "Nested",
-        "nextSteps": [
-          {
-            "stepId": "fetchLogFileData",
-            "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project logFileUrl = res.LogFile"
-          }
-        ]
-      },
-      "stepCollectorConfigs": {
-        "fetchLogFileData": {
-          "shouldJoinNestedData": true,
-          "joinedDataStepName": "LogData",
-          "request": {
-            "httpMethod": "GET",
-            "apiEndpoint": "{{salesforceDomainName}}$logFileUrl$",
-            "headers": {
-              "Accept": "application/json",
-              "User-Agent": "Scuba"
-            }
-          },
-          "response": {
-            "format": "csv",
-            "eventsJsonPaths": [ "$" ],
-            "HasCsvHeader": true
+      ]
+    },
+    "stepCollectorConfigs": {
+      "fetchLogFileData": {
+        "shouldJoinNestedData": true,
+        "joinedDataStepName": "LogData",
+        "request": {
+          "apiEndpoint": "[[concat(parameters('salesforceDomainName'),'$logFileUrl$')]",
+          "httpMethod": "GET",
+          "headers": {
+            "Accept": "application/json",
+            "User-Agent": "Scuba"
           }
+        },
+        "response": {
+          "eventsJsonPaths": [
+            "$"
+          ],
+          "format": "csv",
+          "hasCsvHeader": true
         }
       }
+    },
+    "connectorDefinitionName": "SalesforceServiceCloudCCPDefinition",
+    "dataType": "SalesforceServiceCloudV2_CL",
+    "dcrConfig": {
+      "streamName": "Custom-SalesforceServiceCloudV2_CL",
+      "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
+      "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
     }
   }
-]
+}