Enterprise Mobility and Security Blog


We believe in continuous innovation to bring you deeper visibility, better data control, and strong threat protection for your cloud apps. The Cloud App Security team provides frequent releases and continuously updates and enhances our solution.

Today, we would like to share enhancements in discovery, investigation, and threat detection features with our recent release:

Automatically upload any log format for discovery analysis

We have supported custom log formats for some time, and thanks to your input, we have now embedded that support into our log collectors and automated log upload functionality. This means you can now easily use custom log formats for automated log uploads, for instance logs from your SIEM or any other custom format you use.

View and investigate user activity in cloud apps with a special focus on IP addresses

Extending our previously released user insights, you can now view detailed information about IP addresses in the Activity Drawer. From within each specific activity, you can click on the IP address tab to view consolidated data about the IP address, including the number of open alerts for the specific IP address, and a trend graph for the recent activities together with a location map.

For example, while investigating impossible travel alerts, you can easily understand where the IP address was located and whether it was involved in suspicious activities or not.

You can also act directly from the IP address drawer: tag an IP address as risky, VPN, or corporate to support investigation and policy creation. For more information, please see IP address insights at our technical documentation site.


Gain enhanced visibility into Salesforce activities

More visibility into Salesforce objects such as leads, accounts, campaigns, opportunities, profiles, and cases allows configuration of a policy based on these objects. An example would be to create an alert when a user views an unusually large number of account pages. This is available through the Salesforce App Connector, when you have enabled Salesforce Event Monitoring (part of Salesforce Shield).

For more information regarding our releases, please refer to our release notes.

Your feedback is key to our product development process. If you have questions, comments or feedback, please leave a comment below or visit our Microsoft Cloud App Security Tech Community page.