search

Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License
4.58k stars 3.01k forks source link

Salesforce Service Cloud doesn't collect logs from Salesforces #10765

Closed DaGrand closed 3 months ago

DaGrand commented 3 months ago

Describe the bug In Microsoft Sentinel, I use the code the Salesforce Service Cloud as the main application to collect the logs between Salesforce and Sentinel. And the connection works but the logs aren't imported in Sentinel.

To Reproduce Steps to reproduce the behavior:

  1. Go to 'Microsoft SEntinel'
  2. Install the module 'Salesforce service cloud'
  3. Wait for the service to run daily or hourly
  4. Contact Microsoft to get the errors
  5. See error below

Expected behavior Normally this feature should import Salesforce Logs into Sentinel

Screenshots Base on a ticket open with Microsoft Support Engineer here is the log error I get in Microsoft System.

`Here is a copy of the error that shows in our systems. Full Exception : Exception while executing function /Functions.SalesforceSentinelConnector ---> Microsoft.Azure.WebJobs.Script.Workers.Rpc.RpcException /Result /Failure Exception /TypeError /'NoneType' object is not iterable

/
'/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py', line 604, in _handleinvocation_request call_result = await self._loop.run_in_executor(
'/usr/local/lib/python3.8/concurrent/futures/thread.py', line 57, in run result = self.fn(*self.args, self.kwargs)
'/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py', line 933, in _run_sync_func return ExtensionManager.get_sync_invocation_wrapper(context,
'/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/extension.py', line 215, in _raw_invocation_wrapper result = function(args)
'/home/site/wwwroot/SalesforceSentinelConnector/init__.py', line 220, in main for line in pull_log_files() /
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
async Microsoft.Azure.WebJobs.Script.Description.WorkerFunctionInvoker.InvokeCore(Object[] parameters,FunctionInvocationContext context) /src/azure-functions-host/src/WebJobs.Script/Description/Workers/WorkerFunctionInvoker.cs /101
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
async Microsoft.Azure.WebJobs.Script.Description.FunctionInvokerBase.Invoke(Object[] parameters) /src/azure-functions-host/src/WebJobs.Script/Description/FunctionInvokerBase.cs /82
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
async Microsoft.Azure.WebJobs.Host.Executors.VoidTaskMethodInvoker2.InvokeAsync[TReflected,TReturnType](TReflected instance,Object[] arguments) D:\a\_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\VoidTaskMethodInvoker.cs /20 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() async Microsoft.Azure.WebJobs.Host.Executors.FunctionInvoker2.InvokeAsync[TReflected,TReturnValue](Object instance,Object[] arguments) D:\a_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionInvoker.cs /53
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
async Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.InvokeWithTimeoutAsync(IFunctionInvoker invoker,ParameterHelper parameterHelper,CancellationTokenSource timeoutTokenSource,CancellationTokenSource functionCancellationTokenSource,Boolean throwOnTimeout,TimeSpan timerInterval,IFunctionInstance instance) D:\a_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs /581
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
async Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.ExecuteWithWatchersAsync(IFunctionInstanceEx instance,ParameterHelper parameterHelper,ILogger logger,CancellationTokenSource functionCancellationTokenSource) D:\a_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs /527
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
async Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.ExecuteWithLoggingAsync(IFunctionInstanceEx instance,FunctionStartedMessage message,FunctionInstanceLogEntry instanceLogEntry,ParameterHelper parameterHelper,ILogger logger,CancellationToken cancellationToken) D:\a_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs /306 End of inner exception
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
async Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.ExecuteWithLoggingAsync(IFunctionInstanceEx instance,FunctionStartedMessage message,FunctionInstanceLogEntry instanceLogEntry,ParameterHelper parameterHelper,ILogger logger,CancellationToken cancellationToken) D:\a_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs /352
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
async Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.TryExecuteAsync(IFunctionInstance functionInstance,CancellationToken cancellationToken) D:\a_work\1\s\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs /108

Luke Peil Support Engineer `

Desktop:

v-sudkharat commented 3 months ago

Hi @DaGrand, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 19-07-2024. Thanks!

v-sudkharat commented 3 months ago

Hi @DaGrand, Could you please send the function app invocation error screenshots with us. Thanks!

DaGrand commented 3 months ago

As requested here is the function app invocation error's screenshot.

image

v-sudkharat commented 3 months ago

Hi @DaGrand, We are having similar case for one of the customers, this error occurred due to maybe you are using Salesforce Developer Edition and with that, you're trying to pull the data for hourly cadence (this cadence can be configured via Function App --> Configuration --> TimeInterval) this feature requires additional license from salesforce. The instructions are also mentioned into the Data connector blade as well: -

image

So, Kindly check if you're having additional license or please deploy the connector with Daily time interval and check the connector is working without and error.

Please let us know it help you to resolve your issue. Thanks!

v-sudkharat commented 3 months ago

@DaGrand, Waiting for your response on above comment. Thanks!

DaGrand commented 3 months ago

Hi @v-sudkharat after reviewing your comment, I recreates the function app and set the interval to Daily and everything is fine now.

v-sudkharat commented 3 months ago

@DaGrand, Thank you for confirmation. So, closing this issue. If you still need support for this issue, feel free to re-open it any time. Thank you for your co-operation.