Log Facets

Cloud App Security stores data as searchable indexes in cloud databases. Use these log facets to narrow a search to a specific data set. The following tables describe the available log facets for each log type.

Table 1. Security Risk Scan Log Facets

| Log Facet | Description |
| --- | --- |
| Scan Source | Name of the protected service. |
| Security Filter | The security filter includes Advanced Spam Protection, File Blocking, Malware Scanning, and Web Reputation. |
| Detected by | Technology or method through which email messages and files were detected as containing a security threat. |
| Virus Name | Name of the virus detected. |
| Spam Category | Category of the spam email message detected. |
| URL Category | Category of the suspicious URL detected. |
| Risk Level | Risk level of a URL classified by Trend Micro Web Reputation Services. |
| Affected User | For Exchange Online and Gmail, the mailbox that received a message violating a policy. For SharePoint Online, OneDrive for Business, Box, Dropbox and Google Drive, the user account that uploaded or modified a file violating a policy. |
| Triggered Policy | Name of the Security Risk Scan policy that was violated. |
| Action | Action taken for a file or message that violates a policy. |

Table 2. Ransomware Log Facets

| Log Facet | Description |
| --- | --- |
| Scan Source | Name of the protected service. |
| Security Filter | The security filter includes Malware Scanning and Web Reputation. |
| Ransomware Name | Name of the ransomware detected. |
| Domain | Domain detected with ransomware. |
| Sender | Mailbox that distributed the ransomware. |

Table 3. Virtual Analyzer Log Facets

| Log Facet | Description |
| --- | --- |
| Scan Source | Name of the protected service. |
| Virus Name | Name of the virus detected. |
| Risk Level | Risk level that Virtual Analyzer assigned after analyzing a file for threatening behavior. |
| Affected User | For Exchange Online and Gmail, the mailbox that received a message violating a policy. For SharePoint Online, OneDrive for Business, Box, Dropbox and Google Drive, the user account that uploaded or modified a file violating a policy. |
| Triggered Policy | Name of the Virtual Analyzer policy that was violated. |
| Action | Action taken for a file or message that violates a policy. |

Table 4. Data Loss Prevention Log Facets

| Log Facet | Description |
| --- | --- |
| Scan Source | Name of the protected service. |
| Affected User | For Exchange Online and Gmail, the mailbox that received a message violating a policy. For SharePoint Online, OneDrive for Business, Box, Dropbox and Google Drive, the user account that uploaded or modified a file violating a policy. |
| Triggered Policy | Name of the Data Loss Prevention policy that was violated. |
| Triggered Template | Name of the compliance template that was violated to trigger the Data Loss Prevention policy. |
| Action | Action taken for a file or message that violates a policy. |
| Security Filter | The security filter includes Data Loss Prevention and Keyword Extraction. |

Table 5. Quarantine Log Facets

| Log Facet | Description |
| --- | --- |
| Scan Source | Name of the protected service. |
| Security Filter | The security filter includes Virtual Analyzer, File Blocking, Web Reputation, Data Loss Prevention and Malware Scanning. |
| Affected User | For Exchange Online, the mailbox that received a message violating a policy. For SharePoint Online, OneDrive for Business, Box, Dropbox and Google Drive, the user account that uploaded or modified a file violating a policy. |
| Quarantine Type | Whether an email message or a file is already quarantined. |
| Restored by | Whether it is the administrator or end user who restored a quarantined file in Box violating a Data Loss Prevention policy. |

Table 6. Audit Logs Log Facet

| Log Facet | Description |
| --- | --- |
| User | Name of the user who performs management operations. |
| Action | Operation that a user performs, including logon events, scheduled user data synchronizations, and policy changes. |