Find out the type of information you want to query in logs.

The following table explains the available log types when conducting a search on log data. Every log type includes log facets for granular analysis of log data. For details, see Log Facets.

Log Type Descriptions

Log Type
Detection logs
Information about email messages, chat messages, and files detected with threats or data leakage, as well as information about files and URLs submitted to Virtual Analyzer for threat analysis in a virtual sandbox.
This log type consolidates the following log types in the old management console: Security Risk Scan, Ransomware, Virtual Analzyer, and Data Loss Prevention
Quarantine logs
Information about email messages and files quarantined due to threats or policy violations.
URL click tracking logs
Information about user clicks on URLs in incoming email messages and the actions taken for the clicked URLs.
Email tracking logs
Information about how the Exchange Online or Gmail email messages are routed to Cloud App Security for Inline Protection, including where Cloud App Security gets the message and sends the message back to.
API integration logs
Information about the action taken on an email message matching any item in the Blocked Lists for Exchange Online configured through the Threat Remediation API.
Audit logs
Information about user log-on sessions, policy change events, quarantine management operations, and other management events.