Find out the type of information you want to query in logs.

The following table explains the available log types when conducting a search on log data. Every log type includes log facets for granular analysis of log data. For details, see Log facets.

Log Type Descriptions

| Type | Description |
| --- | --- |
| Security Risk Scan | Information about messages with security risks based on pattern matching. Advanced Threat Protection scanning policies include Security Risk Scan and Virtual Analyzer events. |
| Ransomware | Information about messages, files, and Salesforce object records detected with ransomware. |
| Virtual Analyzer | Information about suspicious files (including email attachments and uploaded files) and URLs (included in files and email message bodies) scanned and heuristically analyzed for threats in a virtual sandbox. Advanced Threat Protection scanning policies include Security Risk Scan and Virtual Analyzer events. |
| Data Loss Prevention | Information about email messages, Teams chat messages, files, and Salesforce object records that triggered Data Loss Prevention policy incidents. |
| Quarantine | Information about email messages and files quarantined due to threats or policy violations. |
| Audit Logs | Information about user log-on sessions, policy change events, quarantine management operations, and other management events. |
| API Integration | Information about the action taken on an email message matching any item in the Blocked Lists for Exchange Online configured through the Threat Remediation API. |
| URL Click Tracking | Information about user clicks on URLs in incoming email messages and the actions taken for the clicked URLs. |
| Outbound Message | Information about outbound email messages sent by mailboxes under outbound protection, including the actions taken for these email messages. |
| Email Tracking | Information about how Exchange Online or Gmail email messages are routed to Cloud App Security for Inline Protection, including where Cloud App Security gets the message from and where it sends the message back to. |