Understanding activity and action descriptions in API logs

When viewing the Dashboard in the Audit View, you will see columns for Activity (the activity the user was doing that generated the event) and Action (the action Forcepoint ONE SSE took per policy match).

Activity	Description
Created	User created a file
Deleted	User deleted a file
Modified	User modified or edited a file
Moved	User moved a file to a new location
Renamed	User renamed a file
Sharing Changed	User changed the sharing state of the file.

Action	Description
AdvMalwareScan
Alert
Classify	Applied a classification tag to a file
CreateCopy	Copy of file was created and placed in configured location.
DLPScan	DLP Scan was performed on a file
DownloadFailure
Encrypt	File was encrypted
ICAP	File was sent to 3rd party DLP system over ICAP
MalwareScan
Notify	Even triggered a notification to be sent to user and/or admin(s)
PendingAdvMalwareScan
PendingDLPScan	DLP scan is pending on a file
PendingMalwareScan
Quarantine	File was quarantined and moved to the configured location
RemoveExternalShare	External Share state was removed
RemoveFromWhitelist	File was removed from being on the whitelist
RemoveInternalShare	Internal Share state was removed
RemovePublicShare	Public Share sate was removed
ScanTimeout	API scan on the file timed out
Whitelist	File was added to the whitelist