Cloud App Security Administration Guide for Office 365
Table of Contents
Viewing and Acting on Security Events
The Security Events table lists all of the security events for your secured cloud applications. You can be filter what is displayed in this in several ways.
| Security Events Filters | Description |
|---|---|
| Date | Timeframe during the security events occurred: previous 60 minutes, 24 hours, 7 days, 30 days, or 12 months. |
| State | State of the security events: these can be new events, remediated events, exceptions, or dismissed events. |
| Type | Security types: DLP, Malware, Malicious, Phishing, Anomaly, Suspicious, Shadow IT, Alert, or Spam. |
| Severity Level | Severity level of the security events: Critical, High, Medium, Low, or Lowest. |
| SaaS | All active cloud applications (Office 365 Emails, Gmail, etc.) |
| Tool | Tool that identified the threat (Anti-phishing, DLP, Advanced Threat Protection) |
| Search | Search for specific events based on the information available for the events. |
| Group Actions | Take action on a selection group of security events. |
The active filters are displayed above the data listed in the table. Displayed on the far right is the total number of security events that match the filtering criteria.