Understanding activity and action descriptions in API logs

When viewing the Dashboard in the Audit View, you will see columns for Activity (the activity the user was doing that generated the event) and Action (the action Forcepoint ONE SSE took per policy match).

Activity Description
Created User created a file
Deleted User deleted a file
Modified User modified or edited a file
Moved User moved a file to a new location
Renamed User renamed a file
Sharing Changed User changed the sharing state of the file.
Action Description
AdvMalwareScan
Alert
Classify Applied a classification tag to a file
CreateCopy Copy of file was created and placed in configured location.
DLPScan DLP Scan was performed on a file
DownloadFailure
Encrypt File was encrypted
ICAP File was sent to 3rd party DLP system over ICAP
MalwareScan
Notify Even triggered a notification to be sent to user and/or admin(s)
PendingAdvMalwareScan
PendingDLPScan DLP scan is pending on a file
PendingMalwareScan
Quarantine File was quarantined and moved to the configured location
RemoveExternalShare External Share state was removed
RemoveFromWhitelist File was removed from being on the whitelist
RemoveInternalShare Internal Share state was removed
RemovePublicShare Public Share sate was removed
ScanTimeout API scan on the file timed out
Whitelist File was added to the whitelist