Platform Events Developer Guide

Platform Events Developer Guide
Delivering Custom Notifications with Platform Events
Defining Your Custom Platform Event
Publishing Platform Events
Subscribing to Platform Events
Testing Your Platform Event in Apex
Encrypting Platform Event Messages at Rest in the Event Bus
Monitor Platform Event Publishing and Delivery Usage
Considerations
Examples
Reference
Platform Event Allocations
EventBusSubscriber
EventBus Class
Platform Event Error Status Codes
TriggerContext Class
Standard Platform Event Objects
Change Data Capture Events
Standard Platform Event Object List
AIPredictionEvent
AIUpdateRecordEvent
AppointmentSchedulingEvent
AssetCancelInitiatedEvent
AssetAmendInitiatedEvent
AssetRenewInitiatedEvent
AssetTokenEvent
BatchApexErrorEvent
BillingScheduleCreatedEvent
CommerceDiagnosticEvent
ConsentEvent
CreateAssetOrderEvent
CreditInvoiceProcessedEvent
CreditMemoProcessedEvent
DataObjectDataChgEvent
DataObjectMetadataChgEvent
DatasetExportEvent
DiscoveryPredictionEvent
FlowExecutionErrorEvent
FlowOrchestrationEvent
FOStatusChangedEvent
FulfillOrdItemQtyChgEvent
InvoiceProcessedEvent
NegInvcLineProcessedEvent
OrderStatusChangedEvent
OrderSummaryCreatedEvent
OrderSumStatusChangedEvent
PaymentCreationEvent
PendingOrdSumProcEvent
PlatformStatusAlertEvent
ProcessExceptionEvent
QuoteToOrderCompletedEvent
RealtimeAlertEvent
RemoteKeyCalloutEvent
VoidInvoiceProcessedEvent
Real-Time Event Monitoring Objects
ApiAnomalyEvent
ApiAnomalyEventStore
ApiEvent
ApiEventStream
BulkApiResultEvent
BulkApiResultEventStore
ConcurLongRunApexErrEvent
CredentialStuffingEvent
CredentialStuffingEventStore
CreditInvoiceProcessedEvent
CreditMemoProcessedEvent
CrMemoProcessErrDtlEvent
PaymentCreationEvent
VoidInvoiceProcessedEvent
FileEvent (Beta)
FileEventStore (Beta)
IdentityProviderEventStore
IdentityVerificationEvent
LightningUriEvent
LightningUriEventStream
ListViewEvent
ListViewEventStream
LoginAsEvent
LoginAsEventStream
LoginEvent
LoginEventStream
LogoutEvent
LogoutEventStream
MobileEmailEvent
MobileEnforcedPolicyEvent
MobileScreenshotEvent
MobileTelephonyEvent
PermissionSetEvent
PermissionSetEventStore
ReportAnomalyEvent
ReportAnomalyEventStore
ReportEvent
ReportEventStream
SessionHijackingEvent
SessionHijackingEventStore
UriEvent
UriEventStream
PDF

Newer Version Available

This content describes an older version of this product. View Latest

CredentialStuffingEvent

Tracks when a user successfully logs into Salesforce during an identified credential stuffing attack. Credential stuffing refers to large-scale automated login requests using stolen user credentials. This object is available in API version 49.0 and later.

Supported Calls

describeSObjects()

Supported Subscribers

Subscriber Supported?
Apex Triggers
Flows Yes
Processes
Pub/Sub API Yes
Streaming API (CometD) Yes

Subscription Channel

/event/CredentialStuffingEvent

Special Access Rules

Accessing this object requires either the Salesforce Shield or Event Monitoring add-on subscription and the View Real-Time Event Monitoring Data user permission.

Event Delivery Allocation Enforced

No

Fields

Field Details
AcceptLanguage
Type
string
Properties
Nillable
Description
List of HTTP Headers that specify the natural language, such as English, that the client understands.
Example
zh, en-US;q=0.8, en;q=0.6
EvaluationTime
Type
double
Properties
Nillable
Description
The amount of time it took to evaluate the policy in milliseconds.
EventDate
Type
dateTime
Properties
Nillable
Description
The time when the hijacking event was reported. For example, 2020-01-20T19:12:26.965Z. Milliseconds are the most granular setting.
EventIdentifier
Type
string
Properties
Nillable
Description
The unique ID of the event, which is shared with the corresponding storage object. For example, 0a4779b0-0da1-4619-a373-0a36991dff90. Use this field to correlate the event with its storage object.
EventUuid
Type
string
Properties
Nillable
Description
A universally unique identifier (UUID) that identifies a platform event message. This field is available in API version 52.0 and later.
LoginKey
Type
string
Properties
Nillable
Description
The string that ties together all events in a given user’s login session. The session starts with a login event and ends with either a logout event or the user session expiring. For example, lUqjLPQTWRdvRG4.
LoginType
Type
picklist
Properties
Nillable, Restricted picklist
Description
The type of login used to access the session. See the LoginType field of LoginHistory in the Object Reference guide for the list of possible values.
LoginUrl
Type
string
Properties
Nillable
Description
The URL of the login page. For example, MyDomainName.my.salesforce.com.
PolicyId
Type
reference
Properties
Nillable
Description
The ID of the transaction policy associated with this event. For example, 0NIB000000000KOOAY.
PolicyOutcome
Type
picklist
Properties
Nillable, Restricted picklist
Description
The result of the transaction policy. Possible values are:
  • Error - The policy caused an undefined error when it executed.
  • ExemptNoAction—The user is exempt from transaction security policies, so the policy didn’t trigger.
  • MeteringBlock—The policy took longer than 3 seconds to process, so the user was blocked from performing the operation.
  • MeteringNoAction—The policy took longer than 3 seconds to process, but the user isn't blocked from performing the operation.
  • NoAction - The policy didn't trigger.
  • Notified - A notification was sent to the recipient.
ReplayId
Type
string
Properties
Nillable
Description
Represents an ID value that is populated by the system and refers to the position of the event in the event stream. Replay ID values aren’t guaranteed to be contiguous for consecutive events. A subscriber can store a replay ID value and use it on resubscription to retrieve missed events that are within the retention window.
Score
Type
double
Properties
Nillable
Description
Indicates that a user successfully logged into Salesforce during an identified credential stuffing attack. The value of this field is always 1.
SessionKey
Type
string
Properties
Nillable
Description
The user’s unique session ID. Use this value to identify all user events within a session. When a user logs out and logs in again, a new session is started. For example, vMASKIU6AxEr+Op5.
SourceIp
Type
string
Properties
Nillable
Description
The source IP address of the unauthorized user that successfully logged in after the credential stuffing attack. For example, 126.7.4.2.
Summary
Type
textarea
Properties
Nillable
Description
A text summary of the threat that caused this event to be created.
Example
Successful login from Credential Stuffing attack.
UserAgent
Type
textarea
Properties
Nillable
Description
The User-Agent header of the HTTP request of the unauthorized login. For example, Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36.
UserId
Type
reference
Properties
Nillable
Description
The origin user’s unique ID. For example, 005000000000123.
Username
Type
string
Properties
Nillable
Description
The origin username in the format of user@company.com at the time the event was created.