Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Frequently Asked Questions (FAQs) and How-Tos about the Features of Cloud App Security (CAS)

    • Updated:
    • 25 Jun 2021
    • Product/Version:
    • Platform:
Summary

This article lists the most common inquiries on Cloud App Security Features that is not listed in common FAQ on the Online Help Center.

Details
Public

This article lists the most common inquiries on Cloud App Security Features that is not listed in common FAQ on the Online Help Center.

  1. Find the mail header specific to the type of mails you want to approve. Image below is a sample mail in Outook 2019:

    Sample Mail

    Click the image to enlarge.

  2. Locate the header name and value.
    Confirm the specific mail header exists in all mails of the type, or find a header specific to such mails by reviewing mail headers of all sample mails.
    In the Sample image from Step 1, which promotes PMP Certification Training, the header "List-Unsubscribe: <mailto:agileprojecttec-*>" exists in all such mails.
  3. Add the Approved Header Field.

    Approved Header field

    Click the image to enlarge.

Similarly, to bypass WRS check, configure the Approved Header Field List under Web Reputation:

Bypass WRS

Click the image to enlarge.

  1. Access CAS web console, and go to Logs.
  2. Specify search criteria to search for relevant log data, the click Save.

    Select Report Type

    Click the image to enlarge.

  3. Select Scheduled Report, then click Save.

    Save as  Scheduled Report

    Click the image to enlarge.

  4. Once a scheduled report is generated as scheduled, you can find it under Logs > Reports.

    Scheduled Reports

    Click the image to enlarge.

For more details, refer to the following links:

Configure CAS WRS to bypass such mails by specific header inside:

  1. Ask the tool vendor for the specific mail header they inserted to the mails, for example, KnowBe4 adds the following header:
    "X-PHISHTEST: This is a phishing security test from KnowBe4 that has been authorized by the recipient organization"

    You may also find such header by collecting several mail samples and open their headers to check.

  2. On CAS admin portal, access ATP Policy | Exchange Online > Web Reputation, enable "approved header field list" and then add the specific header to the list. If the header is too long, you may choose "Contains" operator like below:
    Name: X-PHISHTEST Contains Value: This is a phishing
Hover your mouse over the Question (?) mark on the top right corner of the screen, and then select the corresponding item to open. Refer to the screenshot below:

Missing Banners

Click the image to enlarge.

The default display language of CAS console depends on the Preferred languages setting in your browser. To change it, you can just change Preferred languages setting in your browser. Refer to the links below for instructions in changing the preferred language of the browser:

You may install Trend Micro Cloud App Security Add-On on your Splunk Enterprise by following the online help: Installing the Trend Micro Cloud App Security Splunk Add-On

Or you can also create your own Splunk app by utilizing CAS APIs if you are using other Splunk platforms: Supported Cloud App Security APIs

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000286824
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.