Events Page
The Events screen shows a detailed view of all the security events in real time. Using search and filters, you can see events related to any time period, state, severity level, and SaaS.
Filters
There are a number of filtering options.
Various filters are available on security events including a free text search.
Security Event Filter | Description |
Date | Specify the timeframe of security events you want to filter for. Options include: Last 60 min, Last 24 hours, Last 7 days, Last 30 days, and Last 12 months. |
State | Select to view security events that are in state New, Remediated, Dismissed, and/or have exceptions. In the Monitor only mode, the state is always New. Remediated events are not seen in the Monitor only mode. |
Type | Select to view security events of these security types: DLP, Malware, Phishing, Anomaly, Suspected, Shadow IT, Alert, and Spam. |
Security Level | Select to view all security events of these security levels: All, Critical, High, Medium, Low, and/or Lowest. |
SaaS | All activated cloud applications. |
Event Description | Events description section, identifies which file or email was found to be malicious and for what reason. |
You can see security events for these SaaS applications:
- Office 365 Mail
- Office 365 OneDrive
- Office 365 SharePoint
- Microsoft Teams
- Gmail
- Google Drive
- Citrix ShareFile
- Box
Managing Views
Departments with responsibilities related to email security are comprised of different teams and different roles, each often interested in a different set of security events.
Administrators can create multiple views which are a combination of filters in the Events screen for filtering the relevant events. Each administrator can set a different view to be presented by default.
To add a new View:
- Go to Events.
- Using filters, set the criteria for filtering the relevant events.
- Click Save as from the top left side of the Events screen.
- In the Save View window that appears, enter the required View Name.
- Click Save.
Note: If an administrator adds (or deletes) a View, it gets added (or deleted) for all the administrators.
To select a saved View:
- Go to Events.
- Click Saved views from the top right side of the Events screen.
- In the Saved Views window that appears, select the required view.
- Click Close.
Notes:
- To edit a View, select the View, change the required filters, and click Save from the top left side of the Events screen.
- After saving, the View gets updated for all the administrators.
To set a default View:
- Click Saved views from the top right side of the Events screen.
- In the Saved Views window that appears, click the Star icon next to the relevant view.
- Click Close.
Note - The default view selected is relevant only to the administrator that set it. Each administrator can select a different default View.