Office 365 securlet may list activity performed by the user app@sharepoint instead of the user that performed the action.

The action will show in DLP as having No Name for the user when reported in CASB as app@sharepoint.

The app@sharepoint user is a service user used by Sharepoint.  If the user that performed an activity does not have a valid license for Sharepoint, then CASB cannot sync the subscription for that user into CloudSOC. 

Verify users in CloudSOC have a license in Office 365 for Sharepoint