Sequence detector in Detect app in CloudSOC is configured for Office 365, and is not triggering on some file activity like multiple file deletions.
Release : 1
Office 365 uses a service account called [email protected] to do some of their backend file activity. The [email protected] user is excluded from some activities that would calculate into the sequence detector because that user is a service user and would cause multiple other issues.
Currently there is no resolution, but this is being looked into by CASB development as an enhancement.