Log Types
The following table explains the available log types when conducting a search on log data. Every log type includes log facets for granular analysis of log data.
|
Type |
Description |
|---|---|
|
Security Risk Scan |
Information about messages with security risks based on pattern matching. Advanced Threat Protection scanning policies include Security Risk Scan and Virtual Analyzer events. |
|
Ransomware |
Information about messages, files, and Salesforce object records detected with ransomware. |
|
Virtual Analyzer |
Information about email attachments and files scanned and heuristically analyzed for threats in a virtual sandbox. Advanced Threat Protection scanning policies include Security Risk Scan and Virtual Analyzer events. |
|
Data Loss Prevention |
Information about email messages, Teams chat messages, files, and Salesforce object records that triggered Data Loss Prevention policy incidents. |
|
Quarantine |
Information about email messages and files quarantined due to threats or policy violations. |
|
Audit Logs |
Information about user log-on sessions, policy change events, quarantine management operations, and other management events. |
|
API Integration |
Information about the action taken on an email message matching any item in the Blocked Lists for Exchange Online configured through the Threat Remediation API. |
|
URL Click Tracking |
Information about user clicks on URLs in incoming email messages and the actions taken for the clicked URLs. |
|
Outbound Message |
Information about outbound email messages sent by mailboxes under outbound protection, including the actions taken for these email messages. |
|
Email Tracking |
Information about how the inbound email messages are routed to Cloud App Security for inbound protection of Exchange Online in inline mode, including where Cloud App Security gets the message and sends the message back to. |
