Log Options

Cloud App Security provides many options to save or view log data after performing a search.

The following illustration and table explain the options available underneath the Search bar.

Figure 1. Log Result Options

Table 1. Log Result Option Descriptions

Option

Description

Save the log data as a report to view at a later time. For details, see Generating Reports.

Export the log data as a CSV file to view as a spreadsheet or to import into another product.
  • Select Current View to export all log records in the current view.

  • Select All Records to export all log records of the selected type. A maximum of 10,000 records can be exported each time.

Preview the log data in the browser before saving it as a report.

View the log data in a chart or tabular format.
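The 10,000-record limit on All Records exports matters when the CSV is imported into another product: an export that comes back with exactly 10,000 rows may have been cut off at the limit. The following added example (not Trend Micro code) merges several exports, flags any that reached the limit, and drops records repeated across overlapping searches; the column names and sample rows are constructed assumptions, not the product's actual CSV schema.

```python
import csv
import io

EXPORT_CAP = 10_000  # per-export maximum stated in the documentation


def load_export(text):
    """Parse one exported CSV (a single header row is assumed) into dict rows."""
    return list(csv.DictReader(io.StringIO(text, newline="")))


def merge_exports(exports, key_fields, cap=EXPORT_CAP):
    """Merge several exports; return (unique_rows, names_of_capped_exports).

    exports    -- mapping of export name -> CSV text
    key_fields -- columns that together identify one log record (assumed)
    """
    merged, seen, capped = [], set(), []
    for name, text in exports.items():
        rows = load_export(text)
        # An export that reached the cap may be missing records: re-run that
        # search with a narrower time range before relying on the data.
        if len(rows) >= cap:
            capped.append(name)
        for row in rows:
            key = tuple(row.get(field, "") for field in key_fields)
            if key not in seen:  # overlapping searches repeat records
                seen.add(key)
                merged.append(row)
    return merged, capped


def constructed_export(start, count):
    """Build a constructed CSV with hypothetical column names for the demo."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["Timestamp", "Affected User", "Security Risk Name"])
    for i in range(start, start + count):
        writer.writerow([f"t{i:06d}", f"user{i % 7}@example.com", "Constructed-Risk"])
    return out.getvalue()


if __name__ == "__main__":
    exports = {
        "week1.csv": constructed_export(0, 10_000),   # reaches the cap
        "week2.csv": constructed_export(9_990, 500),  # overlaps week1 by 10
    }
    rows, capped = merge_exports(exports, ["Timestamp", "Affected User"])
    print(len(rows), "unique records; possibly truncated:", capped)
```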

The following illustration explains how to sort log data.

Figure 2. Log Data Sorting Options

Sort log data in ascending or descending order in either of the following ways:

  • Click the title area of a column as necessary.

  • Click the down arrow at the right of the title area of a column, and then click Sort Ascending or Sort Descending as necessary.

Note:

Sorting is not supported for certain columns, for example, Summary Report in the Virtual Analyzer log type, Security Risk Name in the Security Risk Scan log type, and Ransomware Name in the Ransomware log type.

To cancel the current sorting, click the title area of another column to re-sort the log data, or click the down arrow at the right of the title area and then click Remove Sort.

To hide a column, click the down arrow at the right of its title area, and then click Hide Column.

To unhide a hidden column, click the title area of another column.

The following illustration explains how to view a triggered policy or quarantined items related to an affected user.

Figure 3. Link to Policy and Quarantine Options

Under Affected User in the log detail area, click the account name of a log item. The Quarantine page opens and the quarantined items related to this affected user appear.

Under Triggered Policy in the log detail area, click the policy name of a log item. The policy setting page corresponding to this policy appears.

The following illustration explains how to view the BEC report if an email message is detected as a BEC attack.

Figure 4. BEC Report Option
  1. Select Security Risk Scan from the Type drop-down list, and select Exchange Online or Gmail in the Scan Source log facet.

  2. Under Security Risk Name in the log detail area, hover over the item that contains the BEC spam category. The BEC Report appears, showing the possible reasons why the email message was detected as a BEC attack.

Note:
Cloud App Security can classify an email message into more than one spam category. In this case:
  • Spam categories are listed by the priority of the action set for each category.

  • Spam categories with the same action priority are listed by their impact on users, according to the result from Trend Micro Antispam Engine.

The following illustration explains how to view a comprehensive report for each Predictive Machine Learning detection.

Figure 5. Predictive Machine Learning Log Details Option
  1. Select Security Risk Scan from the Type drop-down list, and select Predictive Machine Learning in the Detected by log facet.

  2. Under Detected by in the log detail area, click the Predictive Machine Learning link.

    The Predictive Machine Learning Log Details screen appears, consisting of two sections:

    • Top banner: Specific details related to this particular detection

    • Bottom tab controls: Details related to the Predictive Machine Learning threat, including threat probability scores, probable threat types, and file information.

Table 2. Log Details - Top Banner

| Section | Description |
|---|---|
| Detection name | Indicates the name of the Predictive Machine Learning detection |
| Detection time / Action | Indicates when this specific detection occurred and the action taken on the threat |
| File name | Indicates the name of the file that triggered the detection. Note: Click Add to Exception List to quickly add the SHA-1 hash value of the affected file to the global Predictive Machine Learning Exception List. View the entire exception list from Administration > Global Settings > Predictive Machine Learning Exception List. |
| Affected User | For Exchange Online and Gmail: Displays the mailbox that received an email message triggering the detection. For SharePoint Online, OneDrive for Business, Box, Dropbox, and Google Drive: Displays the user account that uploaded or modified a file triggering the detection. |

Table 3. Log Details - Tab Information

| Tab | Description |
|---|---|
| Threat Indicators | Provides the results of the Predictive Machine Learning analysis. Threat Probability: Indicates how closely the file matches the malware model. Probable Threat Type: Indicates the most likely type of threat contained in the file after Predictive Machine Learning compared the analysis to other known threats. Similar Known Threats: Provides a list of known threat types that exhibit similar file features to the detection. |
| File Details | Provides general details about the file properties for this specific detection log |