Reports

Kaspersky Security for Microsoft Office 365 allows you to generate protection reports on the activity of the application protection modules in PDF format, or Data Discovery module reports in CSV format.

Reports include statistics analyzed over the period of time during which the corresponding application modules were enabled. The application retrieves no statistics on modules that are disabled.

You can generate an instant report manually or set up a schedule for automatic report generation.

Protection reports

Protection reports cover a period of at least one day, and include the following information:

1. Exchange Online detection overview. The section contains two charts:
   • The circle diagram provides statistics on the statuses assigned to messages scanned by the application:
     • Clean or allowed. Scanned messages that contain no malicious objects, spam, or phishing links; or messages excluded from scanning.
     • Malware. Messages found to contain malicious objects.
     • Phishing. Messages found to contain phishing links.
     • Spam. Detected spam messages.
     • Mass mail. Detected mass mail messages.
     • Filtered attachments. Messages found to contain files that match the attachment filtering criteria.
     • Denylist. Messages blocked by the Denylist module.
   • The line chart visualizes the detection number progress over the selected period of time. The line chart provides information on the same message statuses as the circle diagram, except for the Clean or allowed scan result.
2. Exchange Online detailed statistics. A table that breaks down statistical data by time intervals within the specified period. The table provides information on the same message statuses as the circle diagram described above.
3. Top mailboxes with detected threats. The five mailboxes or users in which the largest number of messages containing viruses and other malicious objects were detected.
4. Top mailboxes with detected spam or phishing. The five mailboxes in which the largest number of spam messages and/or messages containing phishing links were detected.
5. OneDrive detection overview. The section contains the following information:
   • The circle diagram provides statistics on the statuses assigned to files scanned by the application:
     • Clean. Scanned files containing no malicious objects.
     • Malware. Files found to contain malicious objects.
6. OneDrive detailed statistics. A table that breaks down statistical data by time intervals within the specified period. The table provides information on the same statuses of the files as the circle diagram described above.
7. SharePoint Online detection overview. The section contains the following information:
   • The circle diagram provides statistics on the statuses assigned to files scanned by the application:
     • Clean. Scanned files containing no malicious objects.
     • Malware. Files found to contain malicious objects.
8. SharePoint Online detailed statistics. A table that breaks down statistical data by time intervals within the specified period. The table provides information on the same statuses of the files as the circle diagram described above.

Data Discovery reports

Data Discovery reports cover a period of at least one day, and include the following information:

• Detection date: date of the threat detection.
• Item date. Depending on the service where the item was detected, this column displays the following information:
  • The receipt date for incoming messages
  • The date when the message was sent for outgoing messages
  • The draft creation date for messages drafts
  • The date when the OneDrive or SharePoint Online file was uploaded or modified
• Access level. This column displays the information about accessibility of the detected item. The values can be as follows:
  • Organization: the item is shared within your organization.
  • Owner: the item is available to its owner only.
  • Global: the item is accessible globally.
  • Unknown: accessibility status of the item is unknown.
• Categories: detected item type. It can be Credit cards info, German personally identifiable information or both.
• Cardinality: general quantity of confidential data within a detected item.
• Detection path: URL or path to the location where the file was detected; used for OneDrive and SharePoint Online files only.
• From: sender of the message; used for Exchange Online messages only.
• To: recipient of the message; used for Exchange Online messages only.
• Subject: subject of the message; used for Exchange Online messages only.
• User. Depending on the service where the item was detected, this column displays name of the protected Exchange Online mailbox, name of the protected OneDrive user, or name of the user that uploaded the detected item to the protected SharePoint Online site.
• Traffic type: traffic type of the detected item. It can be as follows:
  • Incoming
  • Outgoing
  • Internal
  • N/A (unknown)
• Scan type: type of the scan. It can be Real-time only.
• Storage: storage type. The items are stored by Kaspersky Security.
• File name: name of the detected file; used for OneDrive and SharePoint Online files only.
• Modified by: name of the user that modified the detected file; used for OneDrive and SharePoint Online files only.
• Service: service where the item was detected. It can be as follows:
  • Exchange Online
  • OneDrive
  • SharePoint Online

In this section Generating an instant report manually Scheduling automatic report generation

Page top