Platform Events Developer Guide

Platform Events Developer Guide
Delivering Custom Notifications with Platform Events
Defining Your Custom Platform Event
Publishing Platform Events
Subscribing to Platform Events
Testing Your Platform Event in Apex
Encrypting Platform Event Messages at Rest in the Event Bus
Considerations
Examples
Reference
Platform Event Allocations
EventBusSubscriber
EventBus Class
Platform Event Error Status Codes
TriggerContext Class
Standard Platform Event Objects
Change Data Capture Events
Standard Platform Event Object List
AIPredictionEvent
AIUpdateRecordEvent
AssetTokenEvent
AsyncOperationEvent (Beta)
BatchApexErrorEvent
FlowExecutionErrorEvent
FOStatusChangedEvent
OrderSummaryCreatedEvent
OrderSumStatusChangedEvent
PlatformStatusAlertEvent
RemoteKeyCalloutEvent
Real-Time Event Monitoring Objects
ApiEvent
ApiEventStream
CredentialStuffingEvent (Beta)
CredentialStuffingEventStore (Beta)
IdentityVerificationEvent
LightningUriEvent
LightningUriEventStream
ListViewEvent
ListViewEventStream
LoginAsEvent
LoginAsEventStream
LoginEvent
LoginEventStream
LogoutEvent
LogoutEventStream
MobileEmailEvent
MobileEnforcedPolicyEvent
MobileScreenshotEvent
MobileTelephonyEvent
ReportAnomalyEvent (Beta)
ReportAnomalyEventStore (Beta)
ReportEvent
ReportEventStream
SessionHijackingEvent (Beta)
SessionHijackingEventStore (Beta)
UriEvent
UriEventStream
PDF

Newer Version Available

This content describes an older version of this product. View Latest

CredentialStuffingEventStore (Beta)

Tracks when a user successfully logs into Salesforce during an identified credential stuffing attack. Credential stuffing refers to large-scale automated login requests using stolen user credentials. CredentialStuffingEventStore is an object that stores the event data of CredentialStuffingEvent. This object is available in API version 48.0 and later.

Supported Calls

As a beta feature, the CredentialStuffingEventStore event is a preview and not part of the “Services” under your master subscription agreement with Salesforce. Use this feature at your sole discretion, and make your purchase decisions only on the basis of generally available products and features. Salesforce doesn’t guarantee general availability of this feature within any particular time frame or at all, and we can discontinue it at any time. This feature is for evaluation purposes only, not for production use. It’s offered as is and isn’t supported, and Salesforce has no liability for any harm or damage arising out of or in connection with it. All restrictions, Salesforce reservation of rights, obligations concerning the Services, and terms for related Non-Salesforce Applications and Content apply equally to your use of this feature. You can provide feedback and suggestions for this feature in the Salesforce Official: Shield group in the Trailblazer Community.

Note

describeSObjects(), getDeleted(), getUpdated(), query()

Special Access Rules

Accessing this object requires either the Salesforce Shield or Event Monitoring add-on subscription and the View Data Leakage Detection Events user permission.

Fields

Field Details
AcceptLanguage
Type
string
Properties
Group, Nillable, Sort
Description
List of HTTP Headers that specify the natural language, such as English, that the client understands.
Example
zh, en-US;q=0.8, en;q=0.6
EventDate
Type
dateTime
Properties
Filter, Sort
Description
Required. The time when the hijacking event was reported. For example, 2020-01-20T19:12:26.965Z. Milliseconds are the most granular setting.
EventIdentifier
Type
string
Properties
Filter, Group, Sort
Description
Required. The unique ID of the event. For example, 0a4779b0-0da1-4619-a373-0a36991dff90.
LoginKey
Type
string
Properties
Group, Nillable, Sort
Description
The string that ties together all events in a given user’s login session. The session starts with a login event and ends with either a logout event or the user session expiring. For example, lUqjLPQTWRdvRG4.
LoginType
Type
picklist
Properties
Group, Nillable, Restricted picklist, Sort
Description
The type of login used to access the session. Possible values are:
  • AJAX Toolkit
  • Apex Office Toolkit
  • AppExchange
  • Application
  • AppStore
  • Certificate-based login
  • Chatter Communities Eternal User Third Party SSO
  • Chatter Communities External User
  • Community
  • Customer Service Portal Third-Party SSO
  • Customer Service Portal
  • DataJunction
  • DB Replication
  • Employee Login to Community
  • Excel Integration
  • Help and Training
  • HOTP YubiKey
  • Lightning Login
  • Networks Portal API Only
  • Offline Client
  • Order Center
  • Other Apex API
  • Outlook Integration
  • Partner Portal Third-Party SSO
  • Partner Portal
  • Partner Product
  • Passwordless Login
  • Remote Access 2.0
  • Remote Access Client
  • Sales Anywhere
  • Salesforce Outlook Integration
  • Salesforce.com Website
  • SAML Chatter Communities External User SSO
  • SAML Customer Service Portal SSO
  • SAML Idp Initiated SSO
  • SAML Partner Portal SSO
  • SAML Sfdc Initiated SSO
  • SAML Site SSO
  • Self-Service
  • Signup
  • Sync
  • SysAdmin Switch
  • Third Party SSO
  • Validate
LoginUrl
Type
string
Properties
Filter, Group, Nillable, Sort
Description
The URL of the login page. For example, login.salesforce.com.
Score
Type
double
Properties
Nillable, Sort
Description
Indicates that a user successfully logged into Salesforce during an identified credential stuffing attack. The value of this field is always 1.
SessionKey
Type
string
Properties
Nillable, Group, Nillable, Sort
Description
The user’s unique session ID. Use this value to identify all user events within a session. When a user logs out and logs in again, a new session is started. For example, vMASKIU6AxEr+Op5.
SourceIp
Type
string
Properties
Nillable, Group, Nillable, Sort
Description
The source IP address of the unauthorized user that successfully logged in after the credential stuffing attack. For example, 126.7.4.2.
UserAgent
Type
string
Properties
Filter, Nillable, Sort
Description
The User-Agent header of the HTTP request of the unauthorized login. For example, Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36.
UserId
Type
reference
Properties
Filter, Group, Nillable, Sort
Description
The origin user’s unique ID. For example, 005000000000123.
Username
Type
string
Properties
Filter, Group, Nillable, Sort
Description
The origin username in the format of user@company.com at the time the event was created.