| DetailIdentifier |
- Type
- string
- Properties
- Filter, Group, idLookup, Sort
- Description
- The ID of the individual detail record. This field is unique
within your organization.
|
| EventDate |
- Type
- dateTime
- Properties
- Filter, Nillable, Sort
- Description
- The date when the hijacking event was reported. For example,
2020-01-20T19:12:26.965Z. Milliseconds are the most granular
setting.
|
| EventIdentifier |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The unique ID of the event. For example,
0a4779b0-0da1-4619-a373-0a36991dff90.
|
| EventName |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The name of the event, which is Report Anomaly.
|
| MetricIdentifier |
- Type
- string
- Properties
- Filter, Group, Sort
- Description
- The ID of the type of metric that was counted.
|
| MetricsType |
- Type
- picklist
- Properties
- Filter, Group, Restricted picklist, Sort
- Description
- The type of data being collected.
|
| Name |
- Type
- string
- Properties
- Filter, Group, idLookup, Sort
- Description
- The name of the metric for which data is being collected.
|
| Report |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The report ID for the report for which this anomaly event was
detected. For example, 00OD0000001leVCMAY. If this anomaly resulted
from a user executing an unsaved report, the value of this field is
null.
|
| Score |
- Type
- double
- Properties
- Filter, idLookup, Nillable, Sort
- Description
- A number from 0 through 100 that represents the anomaly score for
the report execution or export tracked by this event. The anomaly
score shows how the user's current report activity is different
from their typical activity. A low score indicates that the user's
current report activity is similar to their usual activity, a high
score indicates that it's different.
|
| SecurityEventData |
- Type
- textarea
- Properties
- Nillable
- Description
- The set of features about the report activity that triggered this
anomaly event. See the Threat Detection
documentation for the list of possible features. Let’s
say, for example, that a user typically downloads 10 accounts but
then they deviate from that pattern and download 1,000 accounts.
This event is triggered and the contributing features are captured
in this field. Potential features include row count, column count,
average row size, the day of week, and the browser’s user agent
used for the report activity. The data captured in this field also
shows how much a particular feature contributed to this anomaly
event being triggered, represented as a percentage. The data is in
JSON format.
|
| Summary |
- Type
- textarea
- Properties
- Nillable
- Description
- A text summary of the report anomaly that caused this event to be
created.
|
| Tenant |
- Type
- string
- Properties
- Filter, Group, idLookup, Sort
- Description
- The ID of the tenant that was targeted in the event.
|
| TenantName |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The name of the tenant that was targeted in the event.
|
| UserIdentifier |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The origin user’s unique ID. For example, 005000000000123.
|
| Username |
- Type
- string
- Properties
- Filter, Group, idLookup, Nillable, Sort
- Description
- The origin username in the format of user@company.com at the time
the event was created.
|