Sequence-based detector does not trigger with Office 365 activity
search cancel

Sequence-based detector does not trigger with Office 365 activity

book

Article ID: 260271

calendar_today

Updated On:

Products

CASB Securlet IAAS

Issue/Introduction

Sequence detector in Detect app in CloudSOC is configured for Office 365, and is not triggering on some file activity like multiple file deletions.

Environment

Release : 1

Cause

Office 365 uses a service account called app@sharepoint to do some of their backend file activity. The app@sharepoint user is excluded from some activities that would calculate into the sequence detector because that user is a service user and would cause multiple other issues.

Resolution

Currently there is no resolution, but this is being looked into by CASB development as an enhancement.