CASB O365 Activities versus O365 E-Discovery Tool
search cancel

CASB O365 Activities versus O365 E-Discovery Tool

book

Article ID: 248673

calendar_today

Updated On:

Products

CASB Security Advanced CASB Security Premium CASB Security Standard CASB Securlet SAAS CASB Gateway

Issue/Introduction

We see many more activities/events in the O365 Admin eDiscovery console than in CloudSOC O365 Securlet Activities or in Investigate for Users.

Why does CloudSOC not show the same information found in the O365 Admin eDiscovery Tool?

Cause

Working as designed.

Resolution

CASB products typically focus on sensitive data, such as PII, PCI, proprietary data, etc. CASB helps identify data shared inappropriately by inspecting the content. This serves data protection use cases like identification of sensitive data, prevention of loss of sensitive data, and remediation in case of data loss.

E-discovery typically pulls events and corresponding files from O365 and similar apps. This information is generally stored in third-party data warehouses where it can be searched, archived, or retrieved. This serves legal and compliance use cases like legal hold, retention, etc.