TenantSecurityApiAnomaly

Stores detected anomalies in how users typically make API calls. Fore more information, see Threat Detection. This object is available to Security Center subscribers in API version 53.0 and later.

Threat Detection is available only for Event Monitoring subscribers.

Note

Supported Calls

describeSObjects(), getDeleted(), getUpdated(), query(), retrieve()

Special Access Rules

This object is read-only.

Fields

Field	Details
DetailIdentifier	Type string Properties Filter, Group, idLookup, Sort Description The ID of the individual detail record. This field is unique within your org.
EventDate	Type dateTime Properties Filter, Nillable, Sort Description The time when the anomaly was reported. For example, 2020-01-20T19:12:26.965Z. The most granular setting is milliseconds.
EventIdentifier	Type string Properties Filter, Group, idLookup, Nillable, Sort Description The unique ID of the event, which is shared with the corresponding storage object.
EventName	Type string Properties Filter, Group, idLookup, Nillable, Sort Description The name of the event, which is Api Anomaly.
MetricIdentifier	Type string Properties Filter, Group, Sort Description The ID of the type of metric that was counted.
MetricsType	Type picklist Properties Filter, Group, Restricted picklist, Sort Description The type of data collected.
Name	Type string Properties Filter, Group, idLookup, Sort Description The name of the metric for the data collected.
Operation	Type string Properties Filter, Group, Nillable, Sort Description The API call that generated the event. For example, Query.
QueriedEntities	Type textarea Properties Nillable Description The type of entities associated with the event.
RequestIdentifier	Type string Properties Filter, Group, Nillable, Sort Description The unique ID of a single transaction. A transaction can contain one or more events.
RowsProcessed	Type double Properties Filter, Nillable, Sort Description Total row count for the current operation.
Score	Type double Properties Filter, idLookup, Nillable, Sort Description A number from 0 through 100 that represents the anomaly score for the API execution or export tracked by this event. The anomaly score shows how the current API activity differs from the user’s typical activity. A low score indicates that the user’s current API activity is similar to the usual activity, and a high score indicates that it’s different.
SecurityEventData	Type textarea Properties Nillable Description The set of features about the API activity that triggered this anomaly event. For example, a user typically downloads 10 accounts at a time but then deviates from that pattern and downloads 1,000 accounts. This event is triggered, and the contributing features are captured in this field. Potential features include row count, column count, average row size, day of week, and the browser’s user agent used for the report activity. The data captured also shows how much as a percentage that the feature contributed to triggering this anomaly event. The data is in JSON format.
Summary	Type textarea Properties Nillable Description A text summary of the API anomaly that caused this event.
Tenant	Type string Properties Filter, Group, idLookup, Sort Description The ID of the tenant that was targeted in the event.
TenantName	Type string Properties Filter, Group, idLookup, Nillable, Sort Description The name of the tenant that was targeted in the event.
Uri	Type string Properties Filter, Group, Nillable, Sort Description The URI of the page that’s receiving the request. For example: /home/home.jsp.
UserAgent	Type textarea Properties Nillable Description UserAgent used in the HTTP request, post-processed by the server.
UserIdentifier	Type string Properties Filter, Group, Nillable, Sort Description The origin user’s unique ID.
Username	Type string Properties Filter, Group, idLookup, Nillable, Sort Description The origin username in the format of user@company.com at the time that the event was created.

Associated Objects

This object has these associated objects. If the API version isn’t specified, it’s available in the same API versions as this object. Otherwise, it’s available in the specified API version and later.

TenantSecurityApiAnomalyChangeEvent: Change events are available for the object.
TenantSecurityApiAnomalyFeed: Feed tracking is available for the object.
TenantSecurityApiAnomalyHistory: History is available for tracked fields of the object.
TenantSecurityApiAnomalyOwnerSharingRule: Sharing rules are available for the object.
TenantSecurityApiAnomalyShare: Sharing is available for the object.

Login

Products

Experiences

Agentforce

CRM Products

Industries

Small Business

Data

Salesforce Platform

Customer Success

Partner Apps & Experts

Discover the #1 AI CRM

Discover the #1 AI CRM

Automotive

Communications

Engineering, Construction & Real Estate

Consumer Goods

Education

Energy & Utilities

Financial Services

Healthcare & Life Sciences

Manufacturing

Media

Nonprofit

Professional Services

Public Sector

Retail

Technology

Travel, Transportation & Hospitality

Explore Salesforce for industries.

Explore Salesforce for industries.

Customer Stories

Salesforce on Salesforce Stories

Trailblazer Stories

Explore success stories.

Explore success stories.

Learning on Trailhead

Events

Resources

Blogs

Become a Trailblazer.

Become a Trailblazer.

Help & Documentation

Communities

Services & Plans

Your Account

Questions? We can help.

Questions? We can help.

About Salesforce

Our Values

Our Impact

Careers

Newsroom

Legal

More Salesforce Brands

Hear our story.

Hear our story.

Events

Original Series

My List

Explore Salesforce+.

Explore Salesforce+.

Login

Products

Experiences

Contact Us

By phone

Online

Products

Experiences

Developer Centers

Salesforce Platform

Industries

Resources

Developer Tools

Build Skills

Extend Salesforce

Stay Up To Date

Community

Object Reference for the Salesforce Platform