CASB O365 Activities versus O365 E-Discovery Tool
search cancel

CASB O365 Activities versus O365 E-Discovery Tool


Article ID: 248673


Updated On:


CASB Security Advanced CASB Security Premium CASB Security Standard CASB Securlet SAAS CASB Gateway


We see many more activities/events in the O365 Admin eDiscovery console than in CloudSOC O365 Securlet Activities or in Investigate for Users.

Why does CloudSOC not show the same information found in the O365 Admin eDiscovery Tool?


Working as designed.


CASB products typically focus on sensitive data, such as PII, PCI, proprietary data, etc. CASB helps identify data shared inappropriately by inspecting the content. This serves data protection use cases like identification of sensitive data, prevention of loss of sensitive data, and remediation in case of data loss.

E-discovery typically pulls events and corresponding files from O365 and similar apps. This information is generally stored in third-party data warehouses where it can be searched, archived, or retrieved. This serves legal and compliance use cases like legal hold, retention, etc.