Log Options

Cloud App Security provides many options to save or view log data after performing a search.

The following illustration and table explain the options available underneath the Search bar.

Figure 1. Log Result Options

Table 1. Log Result Option Descriptions
Option	Description
	Save the log data as a report to view at a later time.
	Export the log data as a CSV file to view as a spreadsheet or to import into another product. Select Current View to export all log records in the current view. Select All Records to export all log records of the selected type. A maximum of 10,000 records can be exported each time.
	Preview the log data in the browser before saving it as a report.
	View the log data in a chart or tabular format.

The following illustration explains how to sort log data.

Figure 2. Log Data Sorting Options

Sort log data in ascending or descending order in either of the following ways:

Click the title area of a column as necessary.
Click the down arrow at the right of the title area of a column, and then click Sort Ascending or Sort Descending as necessary.

Note:

Sorting is not supported for certain columns, for example, Summary Report in the Virtual Analyzer log type, Security Risk Name in the Security Risk Scan log type, and Ransomware Name in the Ransomware log type.

To cancel the current sorting, click the title area of another column to re-sort the log data, or click the down arrow at the right of the title area and then click Remove Sort.

To hide a column, click the down arrow at the right of its title area, and then click Hide Column.

To unhide a hidden column, click the title area of another column.

The following illustration explains how to view a triggered policy or quarantined items related to an affected user.

Figure 3. Link to Policy and Quarantine Options

Under Affected User in the log detail area, click the account name of a log item. The Quarantine page opens and the quarantined items related to this affected user appear.

Under Triggered Policy in the log detail area, click the policy name of a log item. The policy setting page corresponding to this policy appears.

The following illustration explains how to view the BEC report if an email message is detected as a BEC attack.

Figure 4. BEC Report Option

Select Security Risk Scan from the Type drop-down list, and select Exchange Online or Gmail in the Scan Source log facet.
Under Security Risk Name in the log detail area, hover over the item that contains the BEC spam category. The BEC Report appears, showing the possible reasons that cause the email message to be a BEC attack.

Note:

An email message can be classified by Cloud App Security as more than one spam category. In this case,

Spam categories are listed by priority of action set for each category.
Spam categories at the same priority of action are listed by their impact on users according to the result from Trend Micro Antispam Engine.

The following illustration explains how to view a comprehensive report for each Predictive Machine Learning detection.

Figure 5. Predictive Machine Learning Log Details Option

Select Security Risk Scan from the Type drop-down list, and select Predictive Machine Learning in the Detected by log facet.
Under Detected by in the log detail area, click the Predictive Machine Learning link.

The Predictive Machine Learning Log Details screen appears, consisting of two sections:
- Top banner: Specific details related to this particular detection
- Bottom tab controls: Details related to the Predictive Machine Learning threat, including threat probability scores, probable threat types, and file information.

Table 2. Log Details - Top Banner
Section	Description
Detection name	Indicates the name of the Predictive Machine Learning detection
Detection time / Action	Indicates when this specific detection occurred and the action taken on the threat
File name	Indicates the name of the file that triggered the detection Note: Click Add to Exception List to quickly add the SHA-1 hash value of the affected file to the global Predictive Machine Learning Exception List. View the entire exception list from Administration > Global Settings > Predictive Machine Learning Exception List.
Affected User	For Exchange Online and Gmail: Displays the mailbox that received an email message triggering the detection For SharePoint Online, OneDrive, Microsoft Teams (Teams), Box, Dropbox, and Google Drive: Displays the user account that uploaded or modified a file triggering the detection For Salesforce: Displays the user account that updated an object record violating a policy For Teams Chat: Displays the user that sent a private chat message violating a policy

Table 3. Log Details - Tab Information
Tab	Description
Threat Indicators	Provides the results of the Predictive Machine Learning analysis Threat Probability: Indicates how closely the file matches the malware model Probable Threat Type: Indicates the most likely type of threat contained in the file after Predictive Machine Learning compared the analysis to other known threats Similar Known Threats: Provides a list of known threat types that exhibit similar file features to the detection
File Details	Provides general details about the file properties for this specific detection log

(Exchange Online only) The following illustration explains how to manage a quarantined email message from the Logs screen.

Figure 6. Quarantined Item Management Option

Select Security Risk Scan from the Type drop-down list, select Exchange Online in the Scan Source log facet, select Quarantine in the Action log facet, and specify other log facets as necessary.
Under Action in the log detail area, click Quarantine of an item.
On the screen that appears, select the item and restore, download, or delete it as necessary.

Note:
If there is no item shown on the screen, the quarantined item may have already been restored or deleted. Click >> Back to Logs and select the Quarantine log type to view detailed information.
Click >> Back to Logs.

The Logs screen appears, displaying the previously configured search criterion and the search result.