Newer Version Available

This content describes an older version of this product. View Latest

TenantSecurityCredentialStuffing

Tracks when a user successfully logs into Salesforce during an identified credential stuffing attack. Credential stuffing refers to large-scale automated login requests using stolen user credentials. This object stores information about Threat Detection events within connected tenants in Security Center. This object is available in API version 53.0 and later.

Supported Calls

describeSObjects(), getDeleted(), getUpdated(), query(), retrieve()

Fields

Field Details
AcceptLanguage
Type
string
Properties
Filter, Group, Nillable, Sort
Description
List of HTTP Headers that specify the natural language, such as English, that the client understands.
DetailIdentifier
Type
string
Properties
Filter, Group, idLookup, Sort
Description
The ID of the individual detail record. This field is unique within your organization.
EventDate
Type
dateTime
Properties
Filter, Nillable, Sort
Description
The date when the hijacking event was reported. For example, 2020-01-20T19:12:26.965Z. Milliseconds are the most granular setting.
EventIdentifier
Type
string
Properties
Filter, Group, idLookup, Nillable, Sort
Description
The unique ID of the event. For example, 0a4779b0-0da1-4619-a373-0a36991dff90.
EventName
Type
string
Properties
Filter, Group, idLookup, Nillable, Sort
Description
The name of the event, which is Credential Stuffing.
LoginType
Type
string
Properties
Filter, Group, Nillable, Sort
Description
The type of login used to access the session. See the LoginType field of LoginHistory in the Object Reference guide for the list of possible values.
LoginUrl
Type
string
Properties
Filter, Group, Nillable, Sort
Description
The URL of the login page. For example, login.salesforce.com.
MetricIdentifier
Type
string
Properties
Filter, Group, Sort
Description
The ID of the type of metric that was counted.
MetricsType
Type
picklist
Properties
Filter, Group, Restricted picklist, Sort
Description
The type of data being collected.
Name
Type
string
Properties
Filter, Group, idLookup, Sort
Description
The name of the metric for which data is being collected.
Score
Type
double
Properties
Filter, idLookup, Nillable, Sort
Description
Indicates that a user successfully logged into Salesforce during an identified credential stuffing attack. The value of this field is always 1.
Summary
Type
textarea
Properties
Nillable
Description
A text summary of the threat that caused this event to be created.
Tenant
Type
string
Properties
Filter, Group, idLookup, Sort
Description
The ID of the tenant that was targeted in the event.
TenantName
Type
string
Properties
Filter, Group, idLookup, Nillable, Sort
Description
The name of the tenant that was targeted in the event.
UserAgent
Type
textarea
Properties
Nillable
Description
UserAgent used in HTTP request, post-processed by the server.
UserIdentifier
Type
string
Properties
Filter, Group, Nillable, Sort
Description
The origin user’s unique ID. For example, 005000000000123.
Username
Type
string
Properties
Filter, Group, idLookup, Nillable, Sort
Description
The origin username in the format of user@company.com at the time the event was created.