AcceptLanguage |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- List of HTTP Headers that specify the natural language,
such as English, that the client understands.
- Example
- zh, en-US;q=0.8,
en;q=0.6
|
CredentialStuffingEventNumber |
- Type
- string
- Properties
- Autonumber, Defaulted on create, Filter, idLookup,
Sort
- Description
- The
unique number automatically assigned to the event when
it's created. You can't change the
format or value for this field.
|
EvaluationTime |
- Type
- double
- Properties
- Filter, Nillable, Sort
- Description
- The amount of time it took to evaluate the policy in milliseconds. This field isn’t
populated until all transaction security policies are
processed for the real-time event.
|
EventDate |
- Type
- dateTime
- Properties
- Filter, Sort
- Description
- Required. The time when the hijacking event was
reported. For example, 2020-01-20T19:12:26.965Z. Milliseconds are
the most granular setting.
|
EventIdentifier |
- Type
- string
- Properties
- Filter, Group, Sort
- Description
- Required. The unique ID of the event. For example,
0a4779b0-0da1-4619-a373-0a36991dff90.
|
LastReferencedDate |
- Type
- dateTime
- Properties
- Filter, Nillable, Sort
- Description
- The timestamp for when the current user last viewed a
record related to this record.
|
LastViewedDate |
- Type
- dateTime
- Properties
- Filter, Nillable, Sort
- Description
- The timestamp for when the current user last viewed this
record. If this value is null, it’s possible that this
record was referenced
(LastReferencedDate) and not
viewed.
|
LoginKey |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The string that ties together all events in a given user’s
login session. The session starts with a login event and ends with either a
logout event or the user session expiring. For example, lUqjLPQTWRdvRG4.
|
LoginType |
- Type
- picklist
- Properties
- Filter, Group, Nillable, Restricted picklist, Sort
- Description
- The type of login used to access the session. See the
LoginType field of LoginHistory in the Object Reference guide
for the list of possible values.
|
LoginUrl |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The URL of the login page. For example, MyDomainName.my.salesforce.com.
|
PolicyId |
- Type
- reference
- Properties
- Filter, Group, Nillable, Sort
- Description
- The ID of the transaction policy associated with this event. For example,
0NIB000000000KOOAY. This field isn’t populated until all
transaction security policies are processed for the
real-time event.
|
PolicyOutcome |
- Type
- picklist
- Properties
- Filter, Group, Nillable, Restricted picklist, Sort
- Description
- The result of the transaction policy. Possible values are:
-
Error - The
policy caused an undefined error when it
executed.
-
ExemptNoAction—The user is exempt
from transaction security policies, so the policy
didn’t trigger.
-
MeteringBlock—The policy took
longer than 3 seconds to process, so the user was
blocked from performing the operation.
-
MeteringNoAction—The policy took
longer than 3 seconds to process, but the user
isn't blocked from performing the operation.
-
NoAction -
The policy didn't trigger.
-
Notified -
A notification was sent to the recipient.
This field isn’t populated until all transaction
security policies are processed for the real-time
event.
|
Score |
- Type
- double
- Properties
- Filter, Nillable, Sort
- Description
- Indicates that a user successfully logged into
Salesforce during an identified credential stuffing
attack. The value of this field is always 1.
|
SessionKey |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The user’s unique session ID. Use this value to identify
all user events within a session. When a user logs out and logs in again, a new
session is started. For example, vMASKIU6AxEr+Op5.
|
SourceIp |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The source IP address of the unauthorized user that
successfully logged in after the credential stuffing
attack. For example, 126.7.4.2.
|
Summary |
- Type
- textarea
- Properties
- Nillable
- Description
- A text summary of the threat that caused this event to
be created.
- Example
- Successful login from
Credential Stuffing attack.
|
UserAgent |
- Type
- textarea
- Properties
- Nillable
- Description
- The User-Agent header of the HTTP request of the
unauthorized login. For example, Mozilla/5.0 (Macintosh; Intel
Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/78.0.3904.108
Safari/537.36.
|
UserId |
- Type
- reference
- Properties
- Filter, Group, Nillable, Sort
- Description
- The origin user’s unique ID. For example, 005000000000123.
|
Username |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The origin username in the format of user@company.com at the
time the event was created.
|