GuestUserAnomalyEvent

Tracks data access anomalies that are caused by guest user permission misconfiguration. This object is available in API version 60.0 and later.

Supported Calls

describeSObjects()

Special Access Rules

Accessing this object requires either the Salesforce Shield or Event Monitoring add-on subscription and the View Real-Time Event Monitoring Data user permission.

Supported Subscribers

Subscriber Supported?
Apex Triggers
Flows Yes
Processes
Pub/Sub API Yes
Streaming API (CometD) Yes

Event Delivery Allocation Enforced

No

Fields

Field Details
EvaluationTime
Type
double
Properties
Nillable
Description
The amount of time it took to evaluate the policy in milliseconds.
EventDate
Type
dateTime
Properties
Nillable
Description
A date value that represents the aggregate timeframe when the guest user's actions occurred.
EventIdentifier
Type
string
Properties
Nillable
Description
The unique ID of the event, which is shared with the corresponding storage object.
EventUuid
Type
string
Properties
Nillable
Description
A universally unique identifier (UUID) that identifies a platform event message.
LoginKey
Type
string
Properties
Nillable
Description
The string that ties together all events in a given user’s login session. The session starts with a login event and ends with either a logout event or the user session expiring. For example, lUqjLPQTWRdvRG4.
PolicyId
Type
reference
Properties
Nillable
Description
The ID of the transaction policy associated with this event. For example, 0NIB000000000KOOAY.
Relationship Name
Policy
Relationship Type
Lookup
Refers To
TransactionSecurityPolicy
PolicyOutcome
Type
picklist
Properties
Nillable, Restricted picklist
Description
The result of the transaction policy. Possible values include:
  • Error—The policy caused an undefined error when it was executed.
  • ExemptNoAction—The user is exempt from transaction security policies, so the policy didn’t trigger.
  • MeteringBlock—The policy took longer than 3 seconds to process, so the user was blocked from performing the operation.
  • MeteringNoAction—The policy took longer than 3 seconds to process, but the user isn't blocked from performing the operation.
  • NoAction—The policy didn't trigger.
  • Notified—A notification was sent to the recipient.
ReplayId
Type
string
Properties
Nillable
Description
Represents an ID value that is populated by the system and refers to the position of the event in the event stream. Replay ID values aren’t guaranteed to be contiguous for consecutive events. A subscriber can store a replay ID value and use it on resubscription to retrieve missed events that are within the retention window.
RequestedEntities
Type
textarea
Properties
Nillable
Description
Objects queried by the guest user. For example:
[\" Topic \"].
Score
Type
double
Properties
Nillable
Description
Specifies how significantly the guest user behavior deviates from the other guest users. It’s formatted as a number between 0 and 1.
SecurityEventData
Type
textarea
Properties
Nillable
Description
The content data of the security event. This field is reserved for future use.
SessionKey
Type
string
Properties
Nillable
Description
The user’s unique session ID. Use this value to identify all user events within a session.
SoqlCommands
Type
textarea
Properties
Nillable
Description
SOQL commands run by the guest user.
SourceIp
Type
string
Properties
Nillable
Description
The source IP address of the client that logged in. For example, 126.7.4.2.
Summary
Type
textarea
Properties
Nillable
Description
A text summary of the threat that caused this event to be created. The summary lists the browser fingerprint features that most contributed to the threat detection along with their contribution to the total score.
TotalControllerEvents
Type
int
Properties
Nillable
Description
The number of times controllers were triggered.
UserAgent
Type
string
Properties
Nillable
Description
User Agent for this event.
UserId
Type
reference
Properties
Nillable
Description
The origin user’s unique ID. For example, 005000000000123.
This field is a polymorphic relationship field.
Relationship Name
User
Relationship Type
Lookup
Refers To
User
Username
Type
string
Properties
Nillable
Description
The origin username in the format of user@company.com at the time the event was created.
UserType
Type
string
Properties
Nillable
Description
Type of user of this event. For example, a guest user.