Understanding log details

Selecting the file name under the Event Logs section in the Activity Log tab will bring up the details of the file.

The following fields are displayed in the Details dialog:

  • Name: Name of the File.
  • Time: Time of the Event.
  • Type: Type of the file.
  • Size: Size of the file.
  • Owner: The owner of the file's account name.
  • User Groups: The user groups that owner belongs.
  • App: Application to which the file belongs.
  • Creation Time: Time at which the file was created.
  • Modification Time: Last modification time of the file.
  • Team: Slack team the owner belongs to
  • Status: One or more tags indicating specific user behavior associated with the file. An example would be a file shared externally and matching a DLP pattern would be tagged as Shared, External and DLP. Tags could be Shared, Public, External, Internal, DLP, Renamed, Deleted and Moved.
    • Private: Files that are not shared with anyone.
    • Internal: Files shared with people internal to the organization.
    • External: Files shared with specific people outside the corporate domain but within the application vendor domain (example, sharing from your corporate Gmail account to personal Gmail account).
    • Public: Files shared by creating shareable links which do not require any user authentication. Files shared with users outside the application vendor domain is also considered as public. (example, sharing from your corporate Gmail account to personal OneDrive account)
  • ID: ID number of the file.
  • Table - Table scanned inside the ServiceNow.
  • Fields - Fields scanned inside the ServiceNow.
    Note: If you attempt to delete a field directly from the table in ServiceNow, it will only be removed from the frontend due to the storage alias. To ensure that the field is also removed from the API logs page, you must follow the steps provided by ServiceNow for field deletion.
  • Path: Location of the file.
  • Link: Link to the file to view the item.
  • Shared With: Who the file is shared with if it's shared.
  • DLP Match Locations: Where the file was located when it matched a DLP Pattern.
  • Attachments: If the file is an email, if it contained any attachments.
  • Data Pattern: DLP pattern matched.
  • Labels: Labels defined for the document.
  • Threat: Malware threat indicators.
  • Hash: Hash info of the file if applicable
  • Organization: Name of the organization that file belongs.