Platform Events Developer Guide

Platform Events Developer Guide
Delivering Custom Notifications with Platform Events
Defining Your Custom Platform Event
Publishing Platform Events
Subscribing to Platform Events
Testing Your Platform Event in Apex
Encrypting Platform Event Messages at Rest in the Event Bus
Monitor Platform Event Publishing and Delivery Usage
Considerations
Examples
Reference
Platform Event Allocations
EventBusSubscriber
EventBus Class
Platform Event Error Status Codes
TriggerContext Class
Standard Platform Event Objects
Change Data Capture Events
Standard Platform Event Object List
AIPredictionEvent
AIUpdateRecordEvent
AppointmentSchedulingEvent
AssetCancelInitiatedEvent
AssetAmendInitiatedEvent
AssetRenewInitiatedEvent
AssetTokenEvent
BatchApexErrorEvent
BillingScheduleCreatedEvent
CommerceDiagnosticEvent
ConsentEvent
ConsentUnsubscribeAllEvent
CreateAssetOrderEvent
CreditInvoiceProcessedEvent
CreditMemoProcessedEvent
DataObjectDataChgEvent
DataObjectMetadataChgEvent
DatasetExportEvent
DiscoveryPredictionEvent
FirstBillPaymentSetupEvent
FlowExecutionErrorEvent
FlowOrchestrationEvent
FOStatusChangedEvent
FulfillOrdItemQtyChgEvent
InvoiceProcessedEvent
NegInvcLineProcessedEvent
OmniTrackingEvent
OrderStatusChangedEvent
OrderSummaryCreatedEvent
OrderSumStatusChangedEvent
PaymentCreationEvent
PendingOrdSumProcEvent
PlatformStatusAlertEvent
ProcessExceptionEvent
QuoteSaveEvent
QuoteToOrderCompletedEvent
RealtimeAlertEvent
RemoteKeyCalloutEvent
ServiceAppointmentEvent
VoidInvoiceProcessedEvent
WebStoreUserCreatedEvent
Real-Time Event Monitoring Objects
ApiAnomalyEvent
ApiAnomalyEventStore
ApiEvent
ApiEventStream
BulkApiResultEvent
BulkApiResultEventStore
ConcurLongRunApexErrEvent
CredentialStuffingEvent
CredentialStuffingEventStore
CreditInvoiceProcessedEvent
CreditMemoProcessedEvent
CrMemoProcessErrDtlEvent
GuestUserAnomalyEvent
GuestUserAnomalyEventStore
PaymentCreationEvent
VoidInvoiceProcessedEvent
FileEvent
FileEventStore
IdentityProviderEventStore
IdentityVerificationEvent
LightningUriEvent
LightningUriEventStream
ListViewEvent
ListViewEventStream
LoginAsEvent
LoginAsEventStream
LoginEvent
LoginEventStream
LogoutEvent
LogoutEventStream
MobileEmailEvent
MobileEnforcedPolicyEvent
MobileScreenshotEvent
MobileTelephonyEvent
PermissionSetEvent
PermissionSetEventStore
ReportAnomalyEvent
ReportAnomalyEventStore
ReportEvent
ReportEventStream
SessionHijackingEvent
SessionHijackingEventStore
UriEvent
UriEventStream
PDF

Newer Version Available

This content describes an older version of this product. View Latest

ReportAnomalyEventStore

Tracks anomalies in how users run or export reports, including unsaved reports. ReportAnomalyEventStore is an object that stores the event data of ReportAnomalyEvent. This object is available in API version 49.0 and later.

Supported Calls

describeLayout()describeSObjects(), getDeleted(), getUpdated(), query()

Special Access Rules

Accessing this object requires either the Salesforce Shield or Event Monitoring add-on subscription and the View Real-Time Event Monitoring Data user permission.

Fields

Field Details
EvaluationTime
Type
double
Properties
Filter, Nillable, Sort
Description
The amount of time it took to evaluate the policy in milliseconds.
EventDate
Type
dateTime
Properties
Filter, Sort
Description
Required. The time when the anomaly was reported. For example, 2020-01-20T19:12:26.965Z. Milliseconds are the most granular setting.
EventIdentifier
Type
string
Properties
Filter, Group, Sort
Description
Required. The unique ID of the event. For example, 0a4779b0-0da1-4619-a373-0a36991dff90.
LastReferencedDate
Type
dateTime
Properties
Filter, Nillable, Sort
Description
The timestamp for when the current user last viewed a record related to this record.
LastViewedDate
Type
dateTime
Properties
Filter, Nillable, Sort
Description
The timestamp for when the current user last viewed this record. If this value is null, it’s possible that this record was referenced (LastReferencedDate) and not viewed.
LoginKey
Type
string
Properties
Filter, Group, Nillable, Sort
Description
The string that ties together all events in a given user’s login session. The session starts with a login event and ends with either a logout event or the user session expiring. For example, lUqjLPQTWRdvRG4.
PolicyId
Type
reference
Properties
Filter, Group, Nillable, Sort
Description
The ID of the transaction policy associated with this event. For example, 0NIB000000000KOOAY.
PolicyOutcome
Type
picklist
Properties
Filter, Group, Nillable, Restricted picklist, Sort
Description
The result of the transaction policy. Possible values are:
  • Error - The policy caused an undefined error when it executed.
  • ExemptNoAction—The user is exempt from transaction security policies, so the policy didn’t trigger.
  • MeteringBlock—The policy took longer than 3 seconds to process, so the user was blocked from performing the operation.
  • MeteringNoAction—The policy took longer than 3 seconds to process, but the user isn't blocked from performing the operation.
  • NoAction - The policy didn't trigger.
  • Notified - A notification was sent to the recipient.
Report
Type
string
Properties
Filter, Group, Nillable, Sort
Description
The report ID for the report for which this anomaly event was detected. For example, 00OD0000001leVCMAY.

If this anomaly resulted from a user executing an unsaved report, the value of this field is null.
ReportAnomalyEventNumber
Type
string
Properties
Autonumber, Defaulted on create, Filter, idLookup, Sort
Description
The unique number automatically assigned to the event when it's created. You can't change the format or value for this field.
Score
Type
double
Properties
Filter, Nillable, Sort
Description
A number from 0 through 100 that represents the anomaly score for the report execution or export tracked by this event. The anomaly score shows how the user's current report activity is different from their typical activity. A low score indicates that the user's current report activity is similar to their usual activity, a high score indicates that it's different.
SecurityEventData
Type
textarea
Properties
Nillable
Description
The set of features about the report activity that triggered this anomaly event. See the Threat Detection documentation for the list of possible features.

Let’s say, for example, that a user typically downloads 10 accounts but then they deviate from that pattern and download 1,000 accounts. This event is triggered and the contributing features are captured in this field. Potential features include row count, column count, average row size, the day of week, and the browser’s user agent used for the report activity. The data captured in this field also shows how much a particular feature contributed to this anomaly event being triggered, represented as a percentage. The data is in JSON format.

Example
This example shows that the average row count contributed more than 95% to the anomaly being triggered. Other anomalous attributes, such as the autonomous system, day of the week the report was run, the browser used, and the number of columns, contributed much less.
1[
2{
3"featureName": "rowCount",
4"featureValue": "1937568",
5"featureContribution": “95.00 %"
6},
7{
8"featureName": "autonomousSystem",
9"featureValue": "Bigleaf Networks, Inc.",
10"featureContribution": “1.62 %"
11},
12{
13"featureName": "dayOfWeek",
14"featureValue": "Sunday",
15"featureContribution": “1.42 %"
16},
17{
18"featureName": "userAgent",
19"featureValue": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36}",
20"featureContribution": “1.21 %"
21},
22{
23"featureName": "periodOfDay",
24"featureValue": “Evening”,
25"featureContribution": “.09 %"
26},
27{
28"featureName": "averageRowSize",
29"featureValue": "744",
30"featureContribution": “0.08 %"
31},
32{
33"featureName": "screenResolution",
34"featureValue": "900x1440",
35"featureContribution": “0.07 %"
36}
37]
SessionKey
Type
string
Properties
Filter, Group, Nillable, Sort
Description
The user’s unique session ID. Use this value to identify all user events within a session. When a user logs out and logs in again, a new session is started. For example, vMASKIU6AxEr+Op5.
SourceIp
Type
string
Properties
Filter, Group, Nillable, Sort
Description
The source IP address of the client that logged in. For example, 126.7.4.2. Session information contained in the fields SessionKey, LoginKey, SessionLevel, and SourceIp isn’t captured in any report resulting from an asynchronous operation.
Summary
Type
textarea
Properties
Nillable
Description
A text summary of the report anomaly that caused this event to be created.
Example
  • Report was exported from an infrequent network (BigLeaf Networks Inc.)
  • Report was generated with an unusually high number of rows (111141)
UserId
Type
reference
Properties
Filter, Group, Nillable, Sort
Description
The origin user’s unique ID. For example, 005000000000123.
Username
Type
string
Properties
Filter, Group, Nillable, Sort
Description
The origin username in the format of user@company.com at the time the event was created.

Associated Object

This object has the following associated object. It’s available in the same API version as this object.

ReportAnomalyEventStoreFeed
Feed tracking is available for the object.