Security Risk Scan widgets help you monitor activity related to threats known to Trend Micro that affect your network. Threats may include known malware, spam email messages, file attributes, and URLs known to be suspicious. Security Risk Scan discovers threats through traditional signature-based methods.

Threat detection count widget

This widget shows the total detections for each cloud application or service over the selected time period.
Malware Scanning uses Trend Micro's virus scan engine to detect emerging threats.
The graph is based on the selected time period. The Y-axis represents the number of detections for each protected application or service. The X-axis represents the time period moving backwards in time from right to left. Hover over an area on the graph to learn more about a metric.
Use the drop-down menu to select the time period to view.
Click a service in the widget legend to show or hide data related to that service.
Advanced Threat Protection policies affect Cloud App Security scanning behavior for Malware Scanning. To configure Malware Scanning policies, see Configuring Malware Scanning.

Malware detection widget

This widget displays the number of malware detections by different technologies over the current and previous time periods.
In addition to traditional threat detection methods that rely on pattern files, Cloud App Security integrates the Trend Micro Predictive Machine Learning engine to help monitor potential malware behavior across your organization and protect your network from new, previously unidentified, or unknown threats through advanced file feature analysis. For details about the engine, see About predictive machine learning.
In addition, Cloud App Security can apply, during scanning, the suspicious file list synchronized from its integrated Trend Micro Apex Central / Control Manager. For details, see Configuring suspicious object settings.
Use the drop-down menu to select the time period to view.
Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).
Advanced Threat Protection policies affect Cloud App Security scanning behavior for malware detection. To configure Malware Scanning policies, see Configuring Malware Scanning.

Credential phishing detection widget

This widget displays the number of credential phishing detections by different technologies over the current and previous time periods.
Attackers may use phishing websites disguised as legitimate websites to steal user credentials that provide access to your network. Cloud App Security provides multiple mechanisms to detect these credential phishing attacks across your organization and protect your users from fraudulent websites that trick them into providing credential information. Web Reputation Services, together with dynamic URL scanning and artificial intelligence (AI)-based computer vision, provide more than one safeguard to screen out credential phishing URLs in email messages and files in protected applications and services.
For more information on these mechanisms, see Web Reputation Services.
Use the drop-down menu to select the time period to view.
Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

File blocking by type widget

This widget displays the number of files of different file types detected by File Blocking over the current and previous time periods.
Malware is often closely associated with certain file type extensions (examples: .doc, .exe, .dll). The file's extension identifies the file type. Similarly, specific attacks are often associated with a specific file name. Cloud App Security can block files according to the file type, file name, file extension, or file contents that contain suspicious URLs.
  • For email services, file blocking prevents email messages containing suspicious attachments from being delivered to recipients. Policy actions include replacing the file with a benign text file, quarantining or deleting all email messages with attachments that violate specified policies, or labeling the violating email messages as risky in the recipient's mailbox (Gmail only).
  • For the other cloud applications, file blocking prevents suspicious files from entering these applications. Policy actions include quarantining or deleting files that violate specified policies.
Use the drop-down menu to select the time period to view.
Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).
Advanced Threat Protection policies affect Cloud App Security scanning behavior for file blocking. To configure File Blocking policies, see Configuring File Blocking.

Web reputation summary widget

This widget displays the total number of objects scanned and the number of threats detected by Web reputation over the current and previous time periods.
With one of the largest domain-reputation databases in the world, Trend Micro web reputation technology tracks the credibility of web domains by assigning a reputation score based on factors including a website's age, historical location changes, and indications of suspicious activities discovered through malware behavior analysis, such as phishing attacks that are designed to trick users into providing personal information. To increase accuracy and reduce false positives, Trend Micro Web Reputation Services assigns reputation scores to specific pages or links within sites instead of classifying or blocking entire sites, because often only portions of legitimate sites are hacked, and reputations can change dynamically over time.
Trend Micro delivers Web Reputation Services to Cloud App Security through Trend Micro Smart Protection Network.
Use the drop-down menu to select the time period to view.
Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).
Advanced Threat Protection policies affect Cloud App Security scanning behavior for web reputation. To configure Web Reputation policies, see Configuring Web Reputation.

Top 5 suspicious URLs widget

This widget shows the most frequent suspicious URLs in email messages, Teams chat messages, files, and Salesforce object records. Cloud App Security uses Trend Micro Web Reputation Services to detect a URL's risk level.
Use the drop-down menu to select the time period to view.
Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Top 5 users with suspicious URLs widget

This widget shows the users most frequently affected by suspicious URLs in email messages, Teams chat messages, files, and Salesforce object records. Cloud App Security uses Trend Micro Web Reputation Services to detect a URL's risk level.
Use the drop-down menu to select the time period to view.
Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Spam detection by category widget

This widget categorizes threat detection activity by the Trend Micro Antispam Engine over the current and previous time periods.
Many spam email messages are commercial in nature, but some also contain disguised links that appear to lead to familiar websites but in fact lead to phishing websites or sites that host malware.
Spam email messages may also be sent by someone impersonating high-level executives of a business to commit financial fraud, which is known as Business Email Compromise (BEC), an emerging global threat.
Besides BEC, email is now a prevalent channel for fraudsters to conduct scams, also known as confidence tricks, in which they attempt to defraud a person or group after first gaining their confidence, causing great losses to victims. For example, an advance-fee scheme is one of the most common types of scams.
There are also graymail messages, that is, email messages such as marketing newsletters that some users value while others prefer to block.
Cloud App Security uses the Trend Micro Antispam Engine to provide advanced spam protection, as a complement to the email protection service on your email gateway side, to further protect your email service users from graymail, scam, BEC, ransomware, advanced phishing, and other high-profile attacks.
Use the drop-down menu to select the time period to view.
Click the number under Detections to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).
Advanced Threat Protection policies affect Cloud App Security scanning behavior for spam detection. To configure Advanced Spam Protection policies, see Configuring Advanced Spam Protection.
This widget shows the senders that most frequently distributed spam email messages in the protected email service, that is, Exchange Online or Gmail, over the current and previous time periods.
Use the drop-down menu to select the time period to view.
Click the number under Detections to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Top 5 recipients with spam email messages widget

This widget shows the Exchange Online or Gmail users most frequently targeted by spam email messages.
Use the drop-down menu to select the time period to view.
Click the number under Detections to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Time-of-click protection widget

This widget shows the detections of Time-of-Click Protection actions, including the total number of URLs clicked, the number of URLs allowed, the number of URLs blocked, the number of URLs that users are warned about and stop accessing, and the number of URLs that users are warned about but continue to access, within the specified time period.
Use the drop-down menu to select the time period to view.
Click the number under Detections to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).