Events

SaaS Events

Events are audit of all actions (for example, TokenClosed Secret key used to establish a secure connection between two systems. removed) taken either by the system or Administrator during a specific time period.

Column

Description
Risk

Risk level of the action:

  • Positive

  • Fair

  • None

  • Trivial

  • Low

  • Medium

  • High

  • Critical

Type

Type of action.

Description

Action description. For more information, scroll to the beginning of the row and click .

Host service

Host service related to the action.

Linked service

Services that are linked to action.

IntegrationClosed Entity (SaaS application, plug-in, API key, and so on) that facilitate the integration of the host service with the linked service.

Software enabling data exchange between services.
Account

User associated with the action.
Date & time Date and time when the action was generated.

File Protection Events

The Events page provides a detailed log of all DLP and malware-related activities.

To access Malware and DLP Events:

  1. Navigate to Events in the left menu.

  2. Select File Protection.

The Events page displays audit and security events related to malware and DLP.

Event Types

The Preset Filters list allows you to view:

  • Audit Events - Administrative actions on policies:

    • Policy Activated

    • Policy Deactivated

    • Policy Order Updated

  • Security Events - Actual violation and threats detected:

    • Malware Detected in File

    • Malware Threat Resolved

    • Sensitive Data Violation

    • Sensitive Data Violation - File Deleted

Events Table

The Events table includes the following columns:

Column

Description

Risk

Severity level of the event (Critical, High, Medium, Low, Very low, Fair, Positive)

Type

Type of event (Policy Activated, Malware Detected in File, Malware Threat Resolved)

Description

Detailed description of the event, including:

  • File name and affected user

  • Policy name that triggered the event

  • Malware type detected

  • Action taken

Host service

The SaaS service where the event occurred (Google Drive, Jira, Microsoft)

Action

Action performed (Activated, Deactivated, Detected, Deleted, Resolved, Order Updated)

Entity name

A unique identifier for the entity - file, path, policy, etc.

Account

User associated with the event

Date & time

Timestamp of the event occurrence

Malware Detected:

  • Risk: High

  • Type: Malware Detected in File

  • Description: Malware detected in file "report_final.docx" by user ddd.chen@acme.com. Policy "Google Malware Delete, entire org" permanently deleted the file. Threat eliminated.

  • Host service: Google

  • Action: Detected

  • Entity name: report_final.docx

  • Account: gi...

  • Date & time: Jan 28, 2026, 3:33 AM

Example Security Event:

  • Risk: Critical

  • Type: Sensitive Data Violation

  • Description: File "Auth_Certificates.p12" contains sensitive data by user ccc.xxx@acme.com. Policy "Secrets Detection" detected a violation. Data types found: Certificate

  • Host service: Jira

  • Action: Detected

  • Entity name: Auth_Certificates.p12

  • Account:mike.xxxx@acme.com

  • Date & time: Jan 28, 2026, 8:55 AM