Sequence detector in Detect app in CloudSOC is configured for Office 365, and is not triggering on some file activity like multiple file deletions.

Release : 1

Office 365 uses a service account called app@sharepoint to do some of their backend file activity. The app@sharepoint user is excluded from some activities that would calculate into the sequence detector because that user is a service user and would cause multiple other issues.

Currently there is no resolution, but this is being looked into by CASB development as an enhancement.