Events Table

The Events table has these columns:

Column Name - Description
Date & Time

The time at which the event was generated.

State
  • Pending - The administrator is requested to perform an action to remediate the event.

    For example, the policy is in Monitor mode, and a detected phishing email is in a user's mailbox.

  • Remediated - The event has been remediated, manually or automatically based on the policy.

    An event may be remediated in many ways, such as quarantining the email, removing attachments, or delivering it to the Junk/Spam folder.

  • Detected - A security event took place, but the administrator cannot manually remediate it.

    For example, a malicious email was sent by an internal user to an external recipient.

  • Dismissed - The event was manually dismissed by an administrator.

Severity

Severity of the security event.

  • Critical

  • High

  • Medium

  • Low

  • Very Low

SaaS

The SaaS application the event was triggered in.

Threat Type
  • DLP

  • Malware

  • Phishing

    • Under Phishing, in many cases, the exact phishing category will be available.

  • Anomaly

  • Suspected Phishing

  • Suspected Malware

  • Shadow IT

  • Spam

  • Alert - Based on the policy and configurations, the event generated alerts that were sent to all users.

  • Malicious URL Click

  • Proceed to Malicious URL

Details

Information about the event.

User

The users involved in the event.

Examples:

  • For a phishing event, the column shows the sender and the recipients.

  • For a compromised account (anomaly) event, the column shows the compromised user.

Action Taken

The action that was taken to remediate the event.

Remediated By
  • Avanan - Avanan took the remediation action automatically based on the policy.

  • Microsoft - Microsoft took the remediation action automatically.

  • Admin - An administrator performed manual remediation on the event.

    For example, the administrator quarantined the email post-delivery.

  • Avanan analyst - An Avanan analyst checked the end-user requests and reports. This is relevant only for customers that purchased the Incident Response as a service add-on.

Notes

Shows the notes associated with the security event. See Adding a Note to a Security Event.