Navigation :

SFDC Suspicious volume of records accessed

SFDC Suspicious volume of records accessed

Description

Suspicious volume of SFDC records accessed by user.

Content Mapping

This content has been mapped to the local saved search:

  • Threat - SFDCrecords - Rule [Remove]


Use Case

Insider Threat

Category

Data Exfiltration

Alert Volume

Medium

Data Availability

Bad

Journey

Stage 1

MITRE ATT&CK Tactics

Collection

MITRE ATT&CK Techniques

Data from Information Repositories

Data Sources

SFDC

   External Content

This content is made available by a third-party (“Third-Party Content”) and is subject to the provisions governing Third-Party Content set forth in the Splunk Software License Agreement. Splunk neither controls nor endorses, nor is Splunk responsible for, any Third-Party Content, including the accuracy, integrity, quality, legality, usefulness or safety of Third-Party Content. Use of such Third-Party Content is at the user’s own risk and may be subject to additional terms, conditions and policies applicable to such Third-Party Content (such as license terms, terms of service or privacy policies of the provider of such Third-Party Content).

For information on the provider of this Third-Party Content, please review the "" section below.

   About Content Provider

This content provider didn't provide any information about their organization. The content provided is custom.

   Search

sourcetype=sfdc-streaming-api-events PolicyOutcome=Notified RowsProcessed>10 | eval user=Username | eval PolicyName="SFDC Suspicious Volume of Records Accessed" | eval user=Username | table _time Name PolicyName user NumberOfColumns RowsProcessed | eval annotations.mitre_attack="T1213"
Open in Search