Understanding Activity and Action descriptions in Proxy logs
This topic describes activities and actions supported in the Proxy logs.
The Activity column is the activity the user is doing that triggered the event.
Activity Name | Description |
---|---|
MFA | A user completes an action related to Multi-Factor Authentication |
Access | General web traffic |
Cloudstorage | High level tag for when a user has uploaded or downloaded a file from a cloud storage application (example: OneDrive, GDrive, Dropbox, etc). |
Downloaded | A user downloads a file from an application. |
Edit | |
High level category for any email related event. | |
IMAP | Email received via IMAP |
Login | User logged in. |
Logout | User logged out. |
User printed an online file to PDF. | |
ProvidedJustification | User provided justification for file upload (or download) |
Receive | A user receives an email |
Reauth | User had to reauthenticate due to session policy match |
Search | |
Send | A user sends an email |
SMTP | Email sent via SMTP |
Uploaded | A user uploads a file to an application |
Viewed | A user views a file watermarked with a callback on it. |
Web | When access is through a web browser. |
Salesforce: Accounts | Viewing or editing content on the Accounts tab |
Salesforce: Campaigns | Viewing or editing content on the Campaigns tab |
Salesforce: Contacts | Viewing or editing content on the Contacts tab |
Salesforce: Contracts | Viewing or editing content on the Contracts tab |
Salesforce: Dashboards | Viewing or editing content on the Dashboards tab |
Salesforce: Documents | Viewing or editing content on the Documents tab |
Salesforce: Files | Viewing or editing content on the Files tab |
Salesforce: Groups | Viewing or editing content on the Groups tab |
Salesforce: Forecasts | Viewing or editing content on the Forecasts tab |
Salesforce: Leads | Viewing or editing content on the Leads tab |
Salesforce: Opportunities | Viewing or editing content on the Opportunities tab |
Salesforce: Pricebooks | Viewing or editing content on the Pricebooks tab |
Salesforce: Products | Viewing or editing content on the Products tab |
Salesforce: Reports | Viewing or editing content on the Reports tab |
Salesforce: Solutions | Viewing or editing content on the Solutions tab |
Salesforce: Users | Viewing or editing content on the Users tab |
Salesforce: Other | Viewing or editing content on the general Salesforce tab |
The Action column is the action that Forcepoint ONE SSE takes based on policy configuration.
Action Name | Description |
---|---|
Alert | Event identified and logged in the alerts tab. |
Allow | File was allowed during upload or download. |
AllowedOnJustification | User was allowed to upload (or download) after justification was provided |
Apitokenalert | Alert relating to an issue with the API token. |
App_Teams | Activity applied to actions within the Teams chat app |
App_Yammer | Activity applied to actions within the Yammer chat app |
Blocked | File was blocked during an upload or download event |
DelayLogin | User login delayed |
Denied | User action denied |
DLP | Any DLP event identified based on policy match. The file matched a data pattern in policy configuration. |
DRM | File downloaded was made read only (DRM'd). |
Encrypted | File was encrypted during download or upload. |
Formtext | Action taken on formtext (such as text within a chat app). |
Masked | Text in chat app was masked so the sensitive content cannot be seen. |
Notify | Notification on policy sent out to configured users/admins |
PendingJustification | File upload (or download) denied pending justification from user |
Suspicoiususerlocations | User logged into application(s) from distant locations in short period of time |
SuspiciousUserLogins | Too many failed user login attempts. |
SuspiciousDataSharing | Email forwarded to consumer account containing an attachment or sensitive keyword. |
SuspiciousDataLocations | Watermarked file with callback was viewed from geographically distant locations. |
SuspiciousUserTFALogins | Too many (2) failed user TFA login attempts. |
Threat | Associated with identified malware |
Watermarked | File applied one of the watermark options (visible, invisible, callback) |
Webdlp | Forcepoint ONE SSE applied a DLP policy to a web traffic event. |