
Cloud App Security stores data as searchable indexes in cloud databases. Use these log facets to narrow a search to a specific data set. The following tables describe the available log facets for each log type. A log facet does not appear in a search if there is no corresponding data.

Table 1. Security Risk Scan Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have provisioned services for multiple organizations. |
| Scan Source | Name of the protected application or service. |
| Security Filter | Security filter that detected the threat. The security filter includes Advanced Spam Protection, File Blocking, Malware Scanning, and Web Reputation. |
| Threat Type | Type of threat detected. |
| Detected by | Technology or method through which email messages and files were detected as containing a security threat. |
| Virus Name | Name of the virus detected. |
| Spam Category | Category of the spam email message detected. |
| URL Category | Category of the suspicious URL detected. |
| Risk Level | Risk level of a URL classified by Trend Micro Web Reputation Services. |
| Affected User | For Exchange Online and Gmail, the mailbox of a protected user that received or sent an email message violating a policy. For SharePoint Online, OneDrive, Microsoft Teams (Teams), Box, Dropbox, and Google Drive, the user account that uploaded or modified a file violating a policy. For Salesforce, the user account that updated an object record violating a policy. For Teams Chat, the user that sent a private chat message violating a policy. |
| Triggered Policy | Name of the Security Risk Scan policy that was violated. |
| Action | Action taken for a file, message, or Salesforce object record that violates a policy. |
| Mail Direction | Inbound or outbound email message. This facet only applies to messages protected under Inline Protection. |

Table 2. Ransomware Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have provisioned services for multiple organizations. |
| Scan Source | Name of the protected application or service. |
| Security Filter | Security filter that detected the threat. The security filter includes Malware Scanning and Web Reputation. |
| Threat Type | Type of threat detected. |
| Ransomware Name | Name of the ransomware detected. |
| Domain | Domain detected with ransomware. |
| Sender | Mailbox that distributed the ransomware. |
| Mail Direction | Inbound or outbound email message. This facet only applies to messages protected under Inline Protection. |

Table 3. Virtual Analyzer Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have provisioned services for multiple organizations. |
| Scan Source | Name of the protected application or service. |
| Threat Type | Type of threat detected. |
| Detection Type | Type of objects submitted to Virtual Analyzer. The objects can be files or URLs. |
| Virus Name | Name of the virus detected. |
| Risk Level | Risk level that Virtual Analyzer assigned after analyzing a file for threatening behavior. |
| Affected User | For Exchange Online and Gmail, the mailbox of a protected user that received or sent an email message violating a policy. For SharePoint Online, OneDrive, Microsoft Teams (Teams), Box, Dropbox, and Google Drive, the user account that uploaded or modified a file violating a policy. For Teams Chat, the user that sent a private chat message violating a policy. |
| Triggered Policy | Name of the Virtual Analyzer policy that was violated. |
| Action | Action taken for a file or message that violates a policy. |
| Mail Direction | Inbound or outbound email message. This facet only applies to messages protected under Inline Protection. |

Table 4. Data Loss Prevention Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have provisioned services for multiple organizations. |
| Scan Source | Name of the protected application or service. |
| Security Filter | Security filter that detected the threat. The security filter includes Data Loss Prevention, Keyword Extraction, and Box Shared Links Control. |
| Threat Type | Type of threat detected. |
| Affected User | For Exchange Online and Gmail, the mailbox of a protected user that received or sent an email message violating a policy. For SharePoint Online, OneDrive, Microsoft Teams (Teams), Box, Dropbox, and Google Drive, the user account that uploaded or modified a file violating a policy. For Salesforce, the user account that updated an object record violating a policy. For Teams Chat, the user that sent a private chat message violating a policy. |
| Triggered Policy | Name of the Data Loss Prevention policy that was violated. |
| Triggered Template | Name of the compliance template that was violated to trigger the Data Loss Prevention policy. |
| Triggered Label | Name of the sensitivity label that was violated to trigger the Data Loss Prevention policy. |
| Action | Action taken for a file, message, or Salesforce object record that violates a policy. |
| Mail Direction | Inbound or outbound email message. This facet only applies to messages protected under Inline Protection. |

Table 5. Quarantine Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have provisioned services for multiple organizations. |
| Scan Source | Name of the protected application or service. |
| Security Filter | The security filter includes Virtual Analyzer, File Blocking, Web Reputation, Data Loss Prevention, Malware Scanning, and Threat Mitigation API. |
| Affected User | For Exchange Online, the mailbox of a protected user that received or sent a message violating a policy. For SharePoint Online, OneDrive, Microsoft Teams (Teams), Box, Dropbox, and Google Drive, the user account that uploaded or modified a file violating a policy. For Salesforce, the user account that updated an object record violating a policy. |
| Quarantine Type | Whether an email message or a file is already quarantined. |
| Performed by | Administrator or end user who restored or deleted a quarantined item. |
| Mail Direction | Inbound or outbound email message. This facet only applies to messages protected under Inline Protection. |

Table 6. Audit Logs Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have provisioned services for multiple organizations. |
| User | Name of the user who performs management operations. |
| Action | Operation that a user performs, including logon events, scheduled user data synchronizations, and policy changes. |

Table 7. API Integration Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have provisioned services for multiple organizations. |
| Scan Source | Name of the protected application or service. |
| Security Filter | The security filter includes the Threat Remediation API. |
| Affected User | Exchange Online mailbox that contains an email message matching any item in the Blocked Lists for Exchange Online configured through the Threat Remediation API. |
| Action | Action taken for an email message matching any item in the Blocked Lists for Exchange Online configured through the Threat Remediation API. |

Table 8. URL Click Tracking Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have provisioned services for multiple organizations. |
| Time of Click | Time when the user clicks the URL. |
| Action | Action taken when the user clicks the URL. |
| Sender | Sender of the email message that contains the clicked URL. |
| Recipient | Recipient of the email message that contains the clicked URL. |
| URL | URL that the user clicks. |
| Message ID | Unique ID that identifies the email message containing the clicked URL. |

Table 9. Email Tracking Log Facets

| Log Facet | Description |
|---|---|
| Organization | Name of the protected organization. This facet is available only when you have provisioned services for multiple organizations. |
| Delivery Status | Delivery status of the inbound email message routed to Cloud App Security for inline protection. |
| Recipient | Recipient of the inbound email message routed to Cloud App Security for inline protection. |
| Mail Direction | Inbound or outbound email message. This facet only applies to messages protected under Inline Protection. |