Time the remediation action occurred. Values are in
Serial number of the organization using the service (tenant).
Type of log. In this case,
Instance name of the cloud application (not the type of cloud application) associated with the remediation of the incident.
Policy violation or incident severity valued between
Unique ID number for the incident. Can be null (no value).
Unique ID number for the asset associated with the remediation of the incident.
Name of the file, folder, or user associated with the remediation of the incident.
User who owns the asset associated with the remediation.
Value is the
bucketnamefor AWS S3, Google Cloud Platform, and Microsoft Azure assets. The value is
nullfor the remaining applications.
User who created the asset associated with the remediation.
Names of one or more policy rules (not policy type) that were matched.
Not currently implemented.
Remediation action taken on SaaS Security API. (
User Quarantine, or
Remove Public Links).
User who performed the remediation. For automated remediation, the value is
Email address of the item creator.
Email address of the item owner.