| DetailIdentifier |
- Type
- string
- Properties
- Filter, Group, idLookup, Sort
- Description
- The ID of the detail record. This field is unique within your
org.
|
| EventDate |
- Type
- dateTime
- Properties
- Filter, Nillable, Sort
- Description
- The date when the hijacking event was reported. For example,
2020-01-20T19:12:26.965Z. The most granular setting is
milliseconds.
|
| EventIdentifier |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The unique ID of the event.
|
| EventName |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The name of the event, which is Report Anomaly.
|
| MetricIdentifier |
- Type
- string
- Properties
- Filter, Group, Sort
- Description
- The ID of the type of metric that was counted.
|
| MetricsType |
- Type
- picklist
- Properties
- Filter, Group, Restricted picklist, Sort
- Description
- The type of data being collected.
|
| Name |
- Type
- string
- Properties
- Filter, Group, idLookup, Sort
- Description
- The name of the metric for which data is being collected.
|
| Report |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The ID for the report for which this anomaly event was detected.
If the anomaly resulted from a user executing an unsaved report,
the value of this field is null.
|
| Score |
- Type
- double
- Properties
- Filter, idLookup, Nillable, Sort
- Description
- A number from 0 through 100 that represents the anomaly score for
the report execution or export tracked by this event. The anomaly
score indicates how the user’s current report activity differs from
their typical activity. A low score indicates that the current
report activity is similar to the user’s usual activity. A high
score indicates that it’s different.
|
| SecurityEventData |
- Type
- textarea
- Properties
- Nillable
- Description
- The set of features about the report activity that triggered this
anomaly event. See the Threat Detection
documentation for the possible features. For example, a
user typically downloads 10 accounts at a time, but then deviates
from that pattern and downloads 1,000 accounts. This event is
triggered, and the contributing features are captured in this
field. Potential features include row count, column count, average
row size, day of week, and the browser’s user agent used for the
report activity. The data captured also shows as a percentage how
much a particular feature contributed to this anomaly event. The
data is in JSON format.
|
| Summary |
- Type
- textarea
- Properties
- Nillable
- Description
- A text summary of the report anomaly that caused this event.
|
| Tenant |
- Type
- string
- Properties
- Filter, Group, idLookup, Sort
- Description
- The ID of the tenant that was targeted in the event.
|
| TenantName |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The name of the tenant that was targeted in the event.
|
| UserIdentifier |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The origin user’s unique ID.
|
| Username |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The origin username in the format of user@company.com at the time
the event was created.
|