Salesforce Service Cloud

Salesforce Service Cloud Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	Microsoft Corporation
Support Tier	Microsoft
Support Link	https://support.microsoft.com/
Categories	domains
Version	3.0.10
Author	Microsoft - support@microsoft.com
First Published	2022-05-16
Last Updated	2026-01-27
Solution Folder	Salesforce Service Cloud
Marketplace	Azure Marketplace · Popularity: 🟢 High (93%)

The Salesforce Service Cloud solution for Microsoft Sentinel enables you to ingest Service Cloud events into Microsoft Sentinel.

Underlying Microsoft Technologies used:

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

• Microsoft Sentinel Codeless Connector Framework

Data Connectors
Tables Used
Content Items

Data Connectors

This solution provides 1 data connector(s) (plus 1 discovered⚠️):

🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 2 table(s):

Table	Used By Connectors	Used By Content
`SalesforceServiceCloudV2_CL`	Salesforce Service Cloud (via Codeless Connector Framework), [DEPRECATED] Salesforce Service Cloud	Analytics, Workbooks
`SalesforceServiceCloud_CL` 🔶	[DEPRECATED] Salesforce Service Cloud	Analytics, Workbooks

Internal Tables

The following 1 table(s) are used internally by this solution's content items:

Table	Used By Connectors	Used By Content
`ThreatIntelIndicators`	-	Workbooks

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 5 content item(s):

Content Type	Count
Analytic Rules	3
Workbooks	1
Parsers	1

Analytic Rules

Name	Severity	Tactics	Tables Used
Brute force attack against user credentials	Medium	CredentialAccess	`SalesforceServiceCloudV2_CL` `SalesforceServiceCloud_CL`
Potential Password Spray Attack	Medium	CredentialAccess	`SalesforceServiceCloudV2_CL` `SalesforceServiceCloud_CL`
User Sign in from different countries	Medium	InitialAccess	`SalesforceServiceCloudV2_CL` `SalesforceServiceCloud_CL`

Workbooks

Name	Tables Used
SalesforceServiceCloud	`SalesforceServiceCloudV2_CL` `SalesforceServiceCloud_CL` Internal use: `ThreatIntelIndicators`

Parsers

Name	Description	Tables Used
SalesforceServiceCloud	-	`SalesforceServiceCloudV2_CL` (read) `SalesforceServiceCloud_CL` (read)

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.1.0	27-04-2026	Updated CCP data connector with expanded DCR, table definitions, and polling configuration
3.0.10	23-01-2026	Update the Salesforce data connector with instructions for the Salesforce Shield Event Monitoring license requirement
3.0.9	17-11-2025	Resolved bug in CCF Data Connector related to column names
3.0.8	04-11-2025	Resolved bugs in Analytic rules related to TimestampDerived field.
3.0.7	02-11-2025	Updated CCF Data Connector polling config to v65.0.
3.0.6	17-10-2025	Updated KQL transformation logic to map USER_NAME to the UserEmail column instead of USER_EMAIL.
3.0.5	20-08-2025	Moving Salesforce Service cloud CCF Data Connector to GA.
3.0.4	11-07-2025	Salesforce Workbook updated with new ThreatIntelIndicators.
3.0.3	03-07-2025	Added Preview tag to CCF Connector title. Deprecated Function app Connector.
3.0.2	24-03-2025	Updated Analytic rules query to use TimeStampDerived column rather than TimeGenerated.
3.0.1	06-02-2025	Updated timeframes for Salesforce cloud Analytic rules.
3.0.0	05-09-2023	Manual deployment instructions updated for Data Connector.