| CurrentIp |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The IP address of the observed fingerprint that deviates from the
previous fingerprint. The difference between the current and
previous values is one indicator that a session hijacking attack
has occurred. If the IP address didn’t contribute to the observed
fingerprint deviation, the value of this field is the same as the
PreviousIp field.
|
| CurrentPlatform |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The platform of the observed fingerprint that deviates from the
previous fingerprint. The difference between the current and
previous values is one indicator that a session hijacking attack
has occurred. If the platform didn’t contribute to the observed
fingerprint deviation, the value of this field is the same as the
PreviousPlatform field.
|
| CurrentScreen |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The screen of the observed fingerprint that deviates from the
previous fingerprint. The difference between the current and
previous values is one indicator that a session hijacking attack
has occurred. If the screen didn’t contribute to the observed
fingerprint deviation, the value of this field is the same as the
PreviousScreen
field.
|
| CurrentUserAgent |
- Type
- textarea
- Properties
- Nillable
- Description
- The user agent of the observed fingerprint that deviates from the
previous fingerprint. The difference between the current and
previous values is one indicator that a session hijacking attack
has occurred. If the user agent didn’t contribute to the observed
fingerprint deviation, the value of this field is the same as the
PreviousUserAgent
field.
|
| CurrentWindow |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The browser window of the observed fingerprint that deviates from
the previous fingerprint. The difference between the current and
previous values is one indicator that a session hijacking attack
has occurred. If the window didn’t contribute to the observed
fingerprint deviation, the value of this field is the same as the
PreviousWindow
field.
|
| DetailIdentifier |
- Type
- string
- Properties
- Filter, Group, idLookup, Sort
- Description
- The ID of the individual detail record. This field is unique
within your org.
|
| EventDate |
- Type
- dateTime
- Properties
- Filter, Nillable, Sort
- Description
- The date when the hijacking event was reported. For example,
2020-01-20T19:12:26.965Z. The most granular setting is
milliseconds.
|
| EventIdentifier |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The unique ID of the event.
|
| EventName |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The name of the event, which is Session Hijacking.
|
| MetricIdentifier |
- Type
- string
- Properties
- Filter, Group, Sort
- Description
- The ID of the type of metric that was counted.
|
| MetricsType |
- Type
- picklist
- Properties
- Filter, Group, Restricted picklist, Sort
- Description
- The type of data being collected.
|
| Name |
- Type
- string
- Properties
- Filter, Group, idLookup, Sort
- Description
- The name of the metric for which data is being collected.
|
| PreviousIp |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The IP address of the previous fingerprint. The difference between
the current and previous values is one indicator that a session
hijacking attack has occurred. See the CurrentIp field for the newly
observed IP address.
|
| PreviousPlatform |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The platform of the previous fingerprint. The difference between
the current and previous values is one indicator that a session
hijacking attack has occurred. See the CurrentPlatform field for the
newly observed platform.
|
| PreviousScreen |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The screen of the previous fingerprint. The difference between the
current and previous values is one indicator that a session
hijacking attack has occurred. See the CurrentScreen field for the newly
observed screen.
|
| PreviousUserAgent |
- Type
- textarea
- Properties
- Nillable
- Description
- The user agent of the previous fingerprint. The difference between
the current and previous values is one indicator that a session
hijacking attack has occurred. See the CurrentUserAgent field for the
newly observed user agent.
|
| PreviousWindow |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The browser window of the previous fingerprint. The difference
between the current and previous values is one indicator that a
session hijacking attack has occurred. See the CurrentWindow field for the newly
observed window.
|
| Score |
- Type
- double
- Properties
- Filter, idLookup, Nillable, Sort
- Description
- Specifies how much the new fingerprint deviates from the previous
one. The score is from 6.0 through 21.0. The event exposes five
field pairs (such as CurrentIp and PreviousIp) to view the before and after data for
browser features that contributed to this anomaly. See the
SecurityEventData field
for all contributing features in JSON format. A large deviation
score (6.0 or more) between two intra-session fingerprints
indicates that two different browsers are active in the same
session. The presence of two active browsers usually means that
session hijacking has occurred.
|
| SecurityEventData |
- Type
- textarea
- Properties
- Nillable
- Description
- The set of browser fingerprint features that triggered this event.
See the Threat Detection
documentation for the possible features. For example, a
user’s current browser fingerprint diverges from the previously
known fingerprint. If Salesforce concludes the user’s session was
hijacked, it fires this event, and the contributing features are
captured in this field in JSON format. Each feature describes a
browser fingerprint property, such as the browser user agent,
window, or platform. The data includes the current and previous
values for each feature.
|
| Summary |
- Type
- textarea
- Properties
- Nillable
- Description
- A text summary of the threat that caused this event. The summary
lists the browser fingerprint features that most contributed to the
threat detection, along with their contribution to the total
score.
|
| Tenant |
- Type
- string
- Properties
- Filter, Group, idLookup, Sort
- Description
- The ID of the tenant that was targeted in the event.
|
| TenantName |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The name of the tenant that was targeted in the event.
|
| UserIdentifier |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The origin user’s unique ID.
|
| Username |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The origin username in the format of user@company.com at the time
that the event was created.
|