Cloud App Security stores data as searchable indexes in cloud databases. Use these log facets to narrow a search to a specific data set. The following tables describe the available log facets for each log type. Some log facets may not show if there is no corresponding data.

Detection Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have granted access to services for multiple organizations. |
| Scan Source | Name of the protected application or service. |
| Security Filter | Security filter that detected the threat. The security filter includes Advanced Spam Protection, File Blocking, Malware Scanning, Web Reputation, Data Loss Prevention, Keyword Extraction, and Box Shared Links Control. |
| Threat Type | Type of threat detected. |
| Detected by | Technology or method through which email messages and files were detected as containing a security threat. |
| Spam Category | Category of the spam email message detected. |
| URL Category | Category of the suspicious URL detected. |
| Affected User | For Exchange Online and Gmail, the mailbox of the protected user that received or sent an email message violating a policy. For SharePoint Online, OneDrive, Microsoft Teams (Teams), Box, Dropbox, and Google Drive, the user account that uploaded or modified a file violating a policy. For Teams Chat, the user that sent a private chat message violating a policy. |
| Triggered Policy | Name of the Security Risk Scan policy that was violated. |
| Action | Action taken for a file or message that violates a policy. |
| Mail Direction | Inbound or outbound message. This facet only applies to Exchange Online (Inline Mode). |
| Virus Name | Name of the virus detected. |
| Suspicious URL | URL that might contain threats. |
| Domain | Domain detected with ransomware. |
| Sender | Mailbox that sends the message. |
| Detection Type | Type of objects submitted to Virtual Analyzer. The objects can be files or URLs. |
| Risk Level | Risk level of a file or URL classified by Trend Micro Web Reputation Services or Virtual Analyzer. |
| Triggered Template | Name of the compliance template that was violated to trigger the Data Loss Prevention policy. |
| Triggered Label | Name of the sensitivity label that was violated to trigger the Data Loss Prevention policy. |

Quarantine Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have granted access to services for multiple organizations. |
| Scan Source | Name of the protected application or service. |
| Security Filter | The security filter includes Virtual Analyzer, File Blocking, Web Reputation, Data Loss Prevention, Malware Scanning, and Threat Mitigation API. |
| Affected User | For Exchange Online, the mailbox of a protected user that received or sent a message violating a policy. For SharePoint Online, OneDrive, Microsoft Teams (Teams), Box, Dropbox, and Google Drive, the user account that uploaded or modified a file violating a policy. |
| Quarantine Type | Whether an email message or a file is already quarantined. |
| Performed by | Administrator or end user who restored or deleted a quarantined item. |
| Mail Direction | Inbound or outbound email message. This facet only applies to messages protected under Inline Protection. |

Audit Logs Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have granted access to services for multiple organizations. |
| User | Name of the user who performs management operations. |
| Action | Operation that a user performs, including logon events, scheduled user data synchronizations, and policy changes. |

API Integration Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have granted access to services for multiple organizations. |
| Scan Source | Name of the protected application or service. |
| Security Filter | The security filter includes the Threat Remediation API. |
| Affected User | Exchange Online mailbox that contains an email message matching any item in the Blocked Lists for Exchange Online configured through the Threat Remediation API. |
| Action | Action taken for an email message matching any item in the Blocked Lists for Exchange Online configured through the Threat Remediation API. |

URL Click Tracking Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have granted access to services for multiple organizations. |
| Time of Click | Time when the user clicks the URL. |
| Action | Action taken when the user clicks the URL. |
| Sender | Sender of the email message that contains the clicked URL. |
| Recipient | Recipient of the email message that contains the clicked URL. |
| URL | URL that the user clicks. |
| Message ID | Unique ID that identifies the email message containing the clicked URL. |

Email Tracking Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have granted access to services for multiple organizations. |
| Delivery Status | Delivery status of the inbound email message routed to Cloud App Security for inline protection. |
| Recipient | Recipient of the inbound email message routed to Cloud App Security for inline protection. |
| Mail Direction | Inbound or outbound email message. This facet only applies to messages protected under Inline Protection. |