Cloud App Security provides many options to save or view log data after performing a search.
The following illustration and table explain the options available underneath the Search bar.

Option | Description |
---|---|
![]() | Save the log data as a report to view at a later time. |
![]() | Export the log data as a CSV file to view as a spreadsheet or to import into another product. |
![]() | Preview the log data in the browser before saving it as a report. |
![]() | View the log data in a chart or tabular format. |

The following illustration explains how to sort log data.
Sort log data in ascending or descending order in either of the following ways:
- Click the title area of a column as necessary.
- Click the down arrow at the right of the title area of a column, and then click Sort Ascending or Sort Descending as necessary.

Sorting is not supported for certain columns, for example, Summary Report in the Virtual Analyzer log type, Security Risk Name in the Security Risk Scan log type, and Ransomware Name in the Ransomware log type.
To cancel the current sorting, click the title area of another column to re-sort the log data, or click the down arrow at the right of the title area and then click Remove Sort.
To hide a column, click the down arrow at the right of its title area, and then click Hide Column.
To unhide a hidden column, click the title area of another column.
The following illustration explains how to view a triggered policy or quarantined items related to an affected user.
Under Affected User in the log detail area, click the account name of a log item. The Quarantine page opens and the quarantined items related to this affected user appear.
Under Triggered Policy in the log detail area, click the policy name of a log item. The policy setting page corresponding to this policy appears.
The following illustration explains how to view the BEC report if an email message is detected as a BEC attack.
Select Security Risk Scan from the Type drop-down list, and select Exchange Online or Gmail in the Scan Source log facet.
Under Security Risk Name in the log detail area, hover over the item that contains the BEC spam category. The BEC Report appears, showing the possible reasons why the email message was detected as a BEC attack.
Spam categories are listed by priority of action set for each category.
Spam categories at the same priority of action are listed by their impact on users according to the result from Trend Micro Antispam Engine.
The following illustration explains how to view a comprehensive report for each Predictive Machine Learning detection.
Select Security Risk Scan from the Type drop-down list, and select Predictive Machine Learning in the Detected by log facet.
Under Detected by in the log detail area, click the Predictive Machine Learning link.
The Predictive Machine Learning Log Details screen appears, consisting of two sections:
- Top banner: Specific details related to this particular detection.
- Bottom tab controls: Details related to the Predictive Machine Learning threat, including threat probability scores, probable threat types, and file information.

Section | Description |
---|---|
Detection name | Indicates the name of the Predictive Machine Learning detection. |
Detection time / Action | Indicates when this specific detection occurred and the action taken on the threat. |
File name | Indicates the name of the file that triggered the detection. Note: Click Add to Exception List to quickly add the SHA-1 hash value of the affected file to the global Predictive Machine Learning Exception List. View the entire exception list from Administration > Global Settings > Predictive Machine Learning Exception List. |
Affected User | For Exchange Online and Gmail: Displays the mailbox of a protected user that received or sent an email message triggering the detection. For SharePoint Online, OneDrive, Microsoft Teams (Teams), Box, Dropbox, and Google Drive: Displays the user account that uploaded or modified a file triggering the detection. For Salesforce: Displays the user account that updated an object record violating a policy. For Teams Chat: Displays the user that sent a private chat message violating a policy. |

Tab | Description |
---|---|
Threat Indicators | Provides the results of the Predictive Machine Learning analysis. |
File Details | Provides general details about the file properties for this specific detection log. |

(Exchange Online only) The following illustration explains how to manage a quarantined email message from the Logs screen.
Select Security Risk Scan from the Type drop-down list, select Exchange Online in the Scan Source log facet, select Quarantine in the Action log facet, and specify other log facets as necessary.
Under Action in the log detail area, click Quarantine for an item.
On the screen that appears, select the item and restore, download, or delete it as necessary.
If there is no item shown on the screen, the quarantined item may have already been restored or deleted. Click >> Back to Logs and select the Quarantine log type to view detailed information.
Click >> Back to Logs.
The Logs screen appears, displaying the previously configured search criterion and the search result.
(Exchange Online - Inline Mode only) The following describes how to view the email tracking logs for an email that has been redirected to users other than the originally intended recipients.
Select Data Loss Prevention from the Type drop-down list, select Exchange Online (Inline Mode) in the Scan Source log facet, select Change Recipient in the Action log facet, and specify other log facets as necessary.
Under Action in the log details area, click Change Recipient for an item.
On the screen that appears, you can find the email tracking logs for this email, including information about both the user that the email is redirected to and the originally intended recipients.
The following describes how to view the Virtual Analyzer report for detected malicious files or URLs.
Select Virtual Analyzer from the Type drop-down list, and select Malicious files or Malicious URLs from the Threat Type log facet.
Under Summary Report, click Download Report.
The following describes how to view source information about ransomware.
Select Ransomware from the Type drop-down list.
Under Ransomware Name, hover over a ransomware threat to view the domain, IP, and location of the ransomware.