Log Types

The following table describes the log types available when searching log data. Every log type includes log facets for granular analysis of log data.

Table 1. Log Type Descriptions

| Type | Description |
| --- | --- |
| Security Risk Scan | Information about messages with security risks based on pattern matching. Advanced Threat Protection scanning policies include Security Risk Scan and Virtual Analyzer events. |
| Ransomware | Information about messages, files, and Salesforce object records detected with ransomware. |
| Virtual Analyzer | Information about email attachments and files scanned and heuristically analyzed for threats in a virtual sandbox. Advanced Threat Protection scanning policies include Security Risk Scan and Virtual Analyzer events. |
| Data Loss Prevention | Information about email messages, Teams chat messages, files, and Salesforce object records that triggered Data Loss Prevention policy incidents. |
| Quarantine | Information about email messages and files quarantined due to threats or policy violations. |
| Audit Logs | Information about user log-on sessions, policy change events, quarantine management operations, and other management events. |
| API Integration | Information about the action taken on an email message matching any item in the Blocked Lists for Exchange Online configured through the Threat Remediation API. |
| URL Click Tracking | Information about user clicks on URLs in incoming email messages and the actions taken for the clicked URLs. |
| Outbound Message | Information about outbound email messages sent by mailboxes under outbound protection, including the actions taken for these email messages. |
| Email Tracking | Information about how email messages are routed to Cloud App Security for Inline Protection of Exchange Online, including where Cloud App Security receives the message from and where it sends the message back to. |