Set Up and Maintain Your Salesforce Organization

          Detection Event Possibly Anomalous

          Rob recently joined the company as a customer success representative. On Jan 15, 2019, Rob’s account was used to generate a report. Tony, the org’s Salesforce admin, noticed a ReportAnomalyEvent about this report generation activity.

          Required Editions

          Available in both Salesforce Classic (not available in all orgs) and Lightning Experience.

          Available in: Enterprise, Unlimited, and Developer Editions

          Requires Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.

          The event contained this information.

          ReportAnomalyEvent Field    Value
          Score                       96.4512
          SourceIp                    96.43.144.28
          EventDate                   2019-01-15T07:45:07.192Z
          UserId                      00530000009M945
          Report                      00OD0000001leVCMAY
          SecurityEventData           (see next table)

          The SecurityEventData field contained this information.

          featureName          featureValue    featureContribution
          rowCount             46008           58.65%
          userAgent            -               30.23%
          averageRowSize       1534            6.58%
          browserCodecs        -               2.33%
          acceptedLanguages    -               2.19%

          Tony notices that the rowCount feature value is a bit high for their org. The second-ranking feature is userAgent, with a feature contribution of around 30%. This percentage indicates that this user agent is not common for their org. Tony investigates further and uses the UserId field to identify Rob as the user. Tony notices that Rob is a relatively new employee. By looking at the ReportEvent events, Tony notices that Rob occasionally generates reports of 46k rows. Because Rob is a relatively new employee, Tony can’t be certain whether this report matches Rob’s typical activity pattern.

          Tony concludes that this detection is possibly anomalous, although he doesn’t take any threat mitigation actions now.
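
Tony's triage steps can be expressed as a short script. This is an added example, not Salesforce code: the JSON shape of SecurityEventData, the `HISTORY_ROWS` sample, the tenure value, and the `triage` thresholds are assumptions constructed for illustration.

```python
import json

# Constructed event mirroring the field values in the tables above.
# Assumption: SecurityEventData arrives as a JSON string of feature objects.
EVENT = {
    "Score": 96.4512,
    "SourceIp": "96.43.144.28",
    "EventDate": "2019-01-15T07:45:07.192Z",
    "UserId": "00530000009M945",
    "Report": "00OD0000001leVCMAY",
    "SecurityEventData": json.dumps([
        {"featureName": "rowCount", "featureValue": "46008", "featureContribution": "58.65%"},
        {"featureName": "userAgent", "featureValue": "-", "featureContribution": "30.23%"},
        {"featureName": "averageRowSize", "featureValue": "1534", "featureContribution": "6.58%"},
        {"featureName": "browserCodecs", "featureValue": "-", "featureContribution": "2.33%"},
        {"featureName": "acceptedLanguages", "featureValue": "-", "featureContribution": "2.19%"},
    ]),
}

# Constructed ReportEvent row counts for the same user (hypothetical history).
HISTORY_ROWS = [120, 45800, 310, 46200, 95]

def ranked_features(event):
    """Return (name, value, contribution %) tuples, largest contribution first."""
    feats = json.loads(event["SecurityEventData"])
    rows = [(f["featureName"], f["featureValue"],
             float(f["featureContribution"].replace("%", "").strip())) for f in feats]
    return sorted(rows, key=lambda r: r[2], reverse=True)

def triage(event, history_rows, tenure_days, min_tenure_days=90, tolerance=0.10):
    """Hypothetical rule: compare the flagged rowCount with the user's own history."""
    feats = {name: value for name, value, _ in ranked_features(event)}
    row_count = int(feats["rowCount"])
    # Has this user produced reports of a similar size before?
    similar = [r for r in history_rows if abs(r - row_count) <= tolerance * row_count]
    if not similar:
        return "anomalous"            # no precedent in the user's own activity
    if tenure_days < min_tenure_days:
        return "possibly anomalous"   # precedent exists, but the baseline is too short
    return "not anomalous"

if __name__ == "__main__":
    for name, value, pct in ranked_features(EVENT):
        print(f"{name:<18}{value:>8}{pct:>8.2f}%")
    print(triage(EVENT, HISTORY_ROWS, tenure_days=30))  # tenure is a constructed value
```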

           