| AcceptLanguage |
- Type
- string
- Properties
- Nillable
- Description
- List of HTTP Headers that specify the natural language,
such as English, that the client understands.
- Example
- zh, en-US;q=0.8,
en;q=0.6
|
| EvaluationTime |
- Type
- double
- Properties
- Nillable
- Description
- The amount of time it took to evaluate the policy in
milliseconds.
|
| EventDate |
- Type
- dateTime
- Properties
- Nillable
- Description
- The time when the hijacking event was reported. For
example, 2020-01-20T19:12:26.965Z. Milliseconds are
the most granular setting.
|
| EventIdentifier |
- Type
- string
- Properties
- Nillable
- Description
- The unique ID of the event, which is shared with the
corresponding storage object. For example, 0a4779b0-0da1-4619-a373-0a36991dff90. Use this field to correlate
the event with its storage object.
|
| EventUuid |
- Type
- string
- Properties
- Nillable
- Description
- A universally unique identifier (UUID) that identifies
a platform event message. This field is available in API version 52.0 and
later.
|
| LoginKey |
- Type
- string
- Properties
- Nillable
- Description
- The string that ties together all events in a given user’s
login session. The session starts with a login event and ends with either a
logout event or the user session expiring. For example, lUqjLPQTWRdvRG4.
|
| LoginType |
- Type
- picklist
- Properties
- Nillable, Restricted picklist
- Description
- The type of login used to access the session. See the
LoginType field of LoginHistory in the Object Reference guide
for the list of possible values.
|
| LoginUrl |
- Type
- string
- Properties
- Nillable
- Description
- The URL of the login page. For example, login.salesforce.com.
|
| PolicyId |
- Type
- reference
- Properties
- Nillable
- Description
- The ID of the transaction policy associated with this
event. For example, 0NIB000000000KOOAY.
|
| PolicyOutcome |
- Type
- picklist
- Properties
- Nillable, Restricted picklist
- Description
- The result of the transaction policy. Possible values are:
-
Error - The
policy caused an undefined error when it
executed.
-
NoAction -
The policy didn't trigger.
-
Notified -
A notification was sent to the recipient.
|
| ReplayId |
- Type
- string
- Properties
- Nillable
- Description
- Represents an ID value that is populated by the system
and refers to the position of the event in the event stream. Replay ID values
aren’t guaranteed to be contiguous for consecutive events. A subscriber can
store a replay ID value and use it on resubscription to retrieve missed events
that are within the retention window.
|
| Score |
- Type
- double
- Properties
- Nillable
- Description
- Indicates that a user successfully logged into
Salesforce during an identified credential stuffing
attack. The value of this field is always 1.
|
| SessionKey |
- Type
- string
- Properties
- Nillable
- Description
- The user’s unique session ID. Use this value to identify
all user events within a session. When a user logs out and logs in again, a new
session is started. For example, vMASKIU6AxEr+Op5.
|
| SourceIp |
- Type
- string
- Properties
- Nillable
- Description
- The source IP address of the unauthorized user that
successfully logged in after the credential stuffing
attack. For example, 126.7.4.2.
|
| Summary |
- Type
- textarea
- Properties
- Nillable
- Description
- A text summary of the threat that caused this event to
be created.
- Example
- Successful login from
Credential Stuffing attack.
|
| UserAgent |
- Type
- textarea
- Properties
- Nillable
- Description
- The User-Agent header of the HTTP request of the
unauthorized login. For example, Mozilla/5.0 (Macintosh; Intel
Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/78.0.3904.108
Safari/537.36.
|
| UserId |
- Type
- reference
- Properties
- Nillable
- Description
- The origin user’s unique ID. For example, 005000000000123.
|
| Username |
- Type
- string
- Properties
- Nillable
- Description
- The origin username in the format of user@company.com at the
time the event was created.
|
j