Update on new Cloud App Security discovery, investigation, and threat detection features
First published on CloudBlogs on Aug 10, 2017
We believe in continuous innovation to bring you deeper visibility, better data control, and strong threat protection for your cloud apps. The Cloud App Security team provides frequent releases and continuously updates and enhances our solution.
Today, we would like to share enhancements in discovery, investigation, and threat detection features with our recent release.
Automatically upload any log format for discovery analysis
We have been supporting custom log formats, and thanks to your input, we have now embedded this support into our log collectors and automated log upload functionality. This means you can now easily use custom log formats for automated log uploads, for instance from your SIEM or any other custom log format you use.
View and investigate user activity in cloud apps with a special focus on IP addresses
Extending our previously released user insights, you can now view detailed information about IP addresses in the Activity Drawer. From within each specific activity, you can click on the IP address tab to view consolidated data about the IP address, including the number of open alerts for the specific IP address, and a trend graph for the recent activities together with a location map.
For example, while investigating impossible travel alerts, you can easily understand where the IP address was located and whether it was involved in suspicious activities or not.
You can also perform actions directly in the IP address drawer, such as tagging an IP address as risky, VPN, or corporate, to support investigation and policy creation. For more information, please see IP address insights at our technical documentation site.
Gain enhanced visibility into Salesforce activities
More visibility into Salesforce objects such as leads, accounts, campaigns, opportunities, profiles, and cases allows configuration of a policy based on these objects. An example would be to create an alert when a user views an unusually large number of account pages. This is available through the Salesforce App Connector, when you have enabled Salesforce Event Monitoring (part of Salesforce Shield).
For more information regarding our releases, please refer to our
Your feedback is key to our product development process. If you have questions, comments or feedback, please leave a comment below or visit our Microsoft Cloud App Security Tech Community page.