Managing Security Events

Avanan supports multiple ways to handle security events, whether they were detected or prevented automatically, or were found by administrators or end users after not being prevented.

Note - To search through events and to manage and act on detected security events via API, refer to the Avanan SmartAPI Reference Guide.

Viewing Security Events

The Events screen shows a detailed view of all the security events in real time. Using search and filters, you can see events related to any time period, state, severity level, and SaaS.

Filters

Several filters are available for security events, including a free-text search.

Security Event Filter | Description
Date | Specify the timeframe of security events you want to filter for. Options include: Last 60 min, Last 24 hours, Last 7 days, Last 30 days, and Last 12 months.
State | Select to view security events that are in state New, Remediated, Dismissed, and/or have exceptions. In the Monitor only mode, the state is always New. Remediated events are not seen in the Monitor only mode.
Type | Select to view security events of these security types: DLP, Malware, Phishing, Anomaly, Suspicious, Shadow IT, Alert, and Spam.
Security Level | Select to view all security events of these security levels: All, Critical, High, Medium, Low, and/or Lowest.
SaaS | All activated cloud applications.
Event Description | The event description section identifies which file or email was found to be malicious and for what reason.

You can see security events for these SaaS applications:

  • Office 365 Mail
  • Office 365 OneDrive
  • Office 365 SharePoint
  • Microsoft Teams
  • Gmail
  • Google Drive
  • Citrix ShareFile
  • Box

Managing Views

Departments responsible for email security are made up of different teams and roles, each often interested in a different set of security events.

Administrators can create multiple views, each a combination of filters on the Events screen, to show only the relevant events. Each administrator can set a different view to be presented by default.

To add a new View:

  1. Go to Events.
  2. Using filters, set the criteria for filtering the relevant events.
  3. Click Save as from the top left side of the Events screen.
  4. In the Save View window that appears, enter the required View Name.
  5. Click Save.

Note - If an administrator adds (or deletes) a View, it gets added (or deleted) for all the administrators.

To select a saved View:

  1. Go to Events.
  2. Click Saved views from the top right side of the Events screen.
  3. In the Saved Views window that appears, select the required view.
  4. Click Close.

Notes:

  • To edit a View, select the View, change the required filters, and click Save from the top left side of the Events screen.
  • After saving, the View gets updated for all the administrators.

To set a default View:

  1. Click Saved views from the top right side of the Events screen.
  2. In the Saved Views window that appears, click the Star icon next to the relevant view.
  3. Click Close.

Note - The default view selected is relevant only to the administrator that set it. Each administrator can select a different default View.