Cloud Email and Collaboration
Protection stores data as searchable
indexes in cloud databases. Use these log facets to narrow a search to a specific
data set.
The following tables describe the available log facets for each log type. Some log
facets
may not show if there is no corresponding data.
Detection Log Facets
Log Facet
|
Description
|
Organization
|
Name of the protected organization.
This facet is available only when you have granted access to services for
multiple organizations.
|
Scan Source
|
Name of the protected application or service.
|
Security Filter
|
Security filter that detected the threat. The security filter includes Advanced
Spam Protection, File Blocking, Malware Scanning, Web Reputation, Data Loss
Prevention, Keyword Extraction, and Box Shared Links Control.
|
Threat Type
|
Type of threat detected.
|
Detected by
|
Technology or method through which email messages and files were detected as
containing a security threat.
|
Spam Category
|
Category of the spam email message detected.
|
URL Category
|
Category of the suspicious URL detected.
|
Affected User
|
The affected user refers to:
|
Triggered Policy
|
Name of the Security Risk Scan policy that was violated.
|
Action
|
Action taken for a file or message that violates a
policy.
|
Mail Direction
|
Inbound or outbound message. This facet only applies to Exchange Online (Inline
Mode).
|
Virus Name
|
Name of the virus detected.
|
Suspicious URL
|
URL that might contain threats.
|
Domain
|
Domain detected with ransomware.
|
Sender
|
Mailbox that sends the message.
|
Detection Type
|
Type of objects submitted to Virtual Analyzer. The objects can be files or
URLs.
|
Risk Level
|
Risk level of a file or URL classified by Trend Micro Web Reputation Services or
Virtual Analyzer.
|
Triggered Template
|
Name of the compliance template that was violated to trigger the Data Loss
Prevention policy.
|
Triggered Label
|
Name of the sensitivity label that was violated to trigger the Data Loss
Prevention policy.
|
Quarantine Log Facets
Log Facet
|
Description
|
Organization
|
Name of the protected organization.
This facet is available only when you have granted access to services for multiple
organizations.
|
Scan Source
|
Name of the protected application or service.
|
Security Filter
|
The security filter includes Virtual Analyzer, File Blocking, Web Reputation, Data
Loss Prevention, Malware Scanning, and Threat Mitigation API.
|
Affected User
|
For Exchange Online, the mailbox of a protected user that
received or sent a message violating a policy. For SharePoint Online, OneDrive,
Microsoft Teams (Teams), Box, Dropbox, and Google Drive, the user account that
uploaded or modified a file violating a policy.
|
Quarantine Type
|
Whether an email message or a file is already quarantined.
|
Performed by
|
Administrator or end user who restored or deleted a quarantined item.
|
Mail Direction
|
Inbound or outbound email message. This facet only applies to messages protected
under Inline Protection.
|
Audit Logs Log Facets
Log Facet
|
Description
|
Organization
|
Name of the protected organization.
This facet is available only when you have granted access to services for multiple
organizations.
|
User
|
Name of the user who performs management operations.
|
Action
|
Operation that a user performs, including logon events, scheduled user data
synchronizations, and policy changes.
|
API Integration Log Facets
Log Facet
|
Description
|
Organization
|
Name of the protected organization.
This facet is available only when you have granted access to services for multiple
organizations.
|
Scan Source
|
Name of the protected application or service.
|
Security Filter
|
The security filter includes the Threat Remediation API.
|
Affected User
|
Exchange Online mailbox that contains an email message matching any item in the
Blocked Lists for Exchange Online configured through the Threat Remediation API.
|
Action
|
Action taken for an email message matching any item in the Blocked Lists for
Exchange Online configured through the Threat Remediation API.
|
URL Click Tracking Log Facets
Log Facet
|
Description
|
Organization
|
Name of the protected organization.
This facet is available only when you have granted access to services for multiple
organizations.
|
Time of Click
|
Time when the user clicks the URL.
|
Action
|
Action taken when the user clicks the URL.
|
Sender
|
Sender of the email message that contains the clicked URL.
|
Recipient
|
Recipient of the email message that contains the clicked URL.
|
URL
|
URL that the user clicks.
|
Message ID
|
Unique ID that identifies the email message containing the clicked URL.
|
Email Tracking Log Facets
Log Facet
|
Description
|
Organization
|
Name of the protected organization.
This facet is available only when you have granted access to services for multiple
organizations.
|
Delivery Status
|
Delivery status of the inbound email message routed to Cloud Email and Collaboration
Protection for inline protection.
|
Recipient
|
Recipient of the inbound email message routed to Cloud Email and Collaboration
Protection for inline protection.
|
Mail Direction
|
Inbound or outbound email message. This facet only applies to messages protected
under Inline Protection.
|