Searching Logs

  1. Select a log type to search.

    The following log types are available.

    | Log Type | Description |
    |---|---|
    | Detection logs | Information about email messages, chat messages, and files detected with threats or data leakage, as well as information about files and URLs submitted to Virtual Analyzer for threat analysis in a virtual sandbox. This log type consolidates the following log types in the old management console: Security Risk Scan, Ransomware, Virtual Analyzer, and Data Loss Prevention. |
    | Audit logs | Information about user log-on sessions, policy change events, quarantine management operations, and other management events. |
    | Email tracking logs | Information about how email messages are routed to Cloud App Security for Inline Protection of Exchange Online, including where Cloud App Security receives the message from and where it sends the message back to. |
    | Quarantine logs | Information about email messages and files quarantined due to threats or policy violations. |
    | API integration logs | Information about the action taken on an email message matching any item in the Blocked Lists for Exchange Online configured through the Threat Remediation API. |
    | URL click tracking logs | Information about user clicks on URLs in incoming email messages and the actions taken for the clicked URLs. |

  2. In the search bar, select a criterion from the drop-down list and type the value for the criterion.

    To specify more criteria, press ENTER.

  3. Specify the period of logs to search.

    You can search email tracking logs from the last 90 days and the other logs from the last 180 days.

  4. Click Search.
  5. Select the log facets on the left to quickly filter the search result.

    The log facets are the most important search criteria for a log type. Each log facet lists the top items by log volume.

  6. Click the icon above the search filters to view a chart showing the volume of logs over the selected period of time.

    You can click a bar to view the log volume for a more granular time period. Hourly bars cannot be drilled down further.