Security | Identify Anomalies
Analyzes security alerts and metrics to identify anomalies and potential threats for each tenant and metric type.
Required Editions
| Available in: Lightning Experience |
| Available in: Enterprise, Performance, Unlimited, and Developer Editions with the Security Center add-on and Foundations or Agentforce 1 Editions. |
| User Permissions Needed | |
|---|---|
| To view Security Center pages: | View Security Center |
| To create and edit security policies: | Manage Security Center |
| See Common User Access for Standard Agent Actions. | |
Action Details
| API Name | IdentifyAnomalies |
| Reference Action Type | Standard Action |
| Does this tool run one or more prompt templates? | Yes |
| Required setup | Turn on Security Center and Security Agent with View Security Center or Manage Security Center user permission. |
IdentifyAnomalies and Prompt Templates
The tool runs the Identify Anomalies prompt template. The prompt template acts as a security analyst:
- Identifies unusual patterns, including unexpected login behaviors, data access spikes, and privilege escalations.
- Correlates data across multiple sources to detect security anomalies.
- Filters false positives to ensure accurate threat detection.
- Provides structured output that includes severity levels, risk assessments, and recommended remediation actions.
Guidelines and Considerations
IdentifyAnomalies analyzes multiple data sources, including security alerts, metrics, and threat detection events.
- Categorizes anomalies by High, Medium, or Low severity with specific details and risk assessments.
- Focuses on genuine security concerns rather than routine events.
- Includes specific user information and recommended remediation steps in the results.
- Returns a clear "No Security Anomalies Detected" message when the system detects no anomalies.

