| DetailIdentifier |
- Type
- string
- Properties
- Filter, Group, idLookup, Sort
- Description
- The ID of the individual detail record. This field is unique
within your org.
|
| EventDate |
- Type
- dateTime
- Properties
- Filter, Nillable, Sort
- Description
- The time when the anomaly was reported. For example,
2020-01-20T19:12:26.965Z. The most granular setting is
milliseconds.
|
| EventIdentifier |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The unique ID of the event, which is shared with the corresponding
storage object.
|
| EventName |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The name of the event, which is Api Anomaly.
|
| MetricIdentifier |
- Type
- string
- Properties
- Filter, Group, Sort
- Description
- The ID of the type of metric that was counted.
|
| MetricsType |
- Type
- picklist
- Properties
- Filter, Group, Restricted picklist, Sort
- Description
- The type of data collected.
|
| Name |
- Type
- string
- Properties
- Filter, Group, idLookup, Sort
- Description
- The name of the metric for the data collected.
|
| Operation |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The API call that generated the event. For example, Query.
|
| QueriedEntities |
- Type
- textarea
- Properties
- Nillable
- Description
- The type of entities associated with the event.
|
| RequestIdentifier |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The unique ID of a single transaction. A transaction can contain
one or more events.
|
| RowsProcessed |
- Type
- double
- Properties
- Filter, Nillable, Sort
- Description
- Total row count for the current operation.
|
| Score |
- Type
- double
- Properties
- Filter, idLookup, Nillable, Sort
- Description
- A number from 0 through 100 that represents the anomaly score for
the API execution or export tracked by this event. The anomaly
score shows how the current API activity differs from the user’s
typical activity. A low score indicates that the user’s current API
activity is similar to the usual activity, and a high score
indicates that it’s different.
|
| SecurityEventData |
- Type
- textarea
- Properties
- Nillable
- Description
- The set of features about the API activity that triggered this
anomaly event. See the Threat Detection
documentation for the possible features. For example, a
user typically downloads 10 accounts at a time but then deviates
from that pattern and downloads 1,000 accounts. This event is
triggered, and the contributing features are captured in this
field. Potential features include row count, column count, average
row size, day of week, and the browser’s user agent used for the
report activity. The captured data also shows how much, as a
percentage, each feature contributed to triggering this anomaly
event. The data is in JSON format.
|
| Summary |
- Type
- textarea
- Properties
- Nillable
- Description
- A text summary of the API anomaly that caused this event.
|
| Tenant |
- Type
- string
- Properties
- Filter, Group, idLookup, Sort
- Description
- The ID of the tenant that was targeted in the event.
|
| TenantName |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The name of the tenant that was targeted in the event.
|
| Uri |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The URI of the page that’s receiving the request. For example:
/home/home.jsp.
|
| UserAgent |
- Type
- textarea
- Properties
- Nillable
- Description
- The UserAgent used in the HTTP request, post-processed by the server.
|
| UserIdentifier |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The origin user’s unique ID.
|
| Username |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The origin username in the format of user@company.com at the time
that the event was created.
|