Please log in to CAS console with the CLP account, then disable SSO access. Cloud App Security will send an email message to notify the administrators of this change. Administrators can choose to log on to the management console using their old password, or reset the password, or ask the Cloud App Security global administrator to enable SSO when SSO link is back to normal.

The change will take effect immediately.

Please refer to Administrator Management for detailed steps.

1. Find the mail header specific to the type of mails you want to approve. Image below is a sample mail in Outook 2019:

   

   ^{Click the image to enlarge.}

2. Locate the header name and value.
   Confirm the specific mail header exists in all mails of the type, or find a header specific to such mails by reviewing mail headers of all sample mails.
   In the Sample image from Step 1, which promotes PMP Certification Training, the header "List-Unsubscribe: <mailto:agileprojecttec-*>" exists in all such mails.
3. Add the Approved Header Field.

   

   ^{Click the image to enlarge.}

Similarly, to bypass WRS check, configure the Approved Header Field List under Web Reputation:

^{Click the image to enlarge.}

1. Access CAS web console, and go to Logs.
2. Specify search criteria to search for relevant log data, the click Save.

   

   ^{Click the image to enlarge.}

3. Select Scheduled Report, then click Save.

   

   ^{Click the image to enlarge.}

4. Once a scheduled report is generated as scheduled, you can find it under Logs > Reports.

   

   ^{Click the image to enlarge.}

For more details, refer to the following links:

• Searching Logs
• Generating Reports

Configure CAS to bypass such mails by specific header inside:

1. Ask the tool vendor for the specific mail header they inserted to the mails, for example, KnowBe4 adds the following header:

   "X-PHISHTEST: This is a phishing security test from KnowBe4 that has been authorized by the recipient organization"

   You may also find such header by collecting several mail samples and open their headers to check.

2. On CAS admin portal, access Administration > Global Settings > Approved Header Field List for Exchange Online, select Enable approved header field list for Exchange Online and then add the specific header to the list. If the header is too long, you may choose "Contains" operator like below:

   Name: X-PHISHTEST Contains Value: This is a phishing

3. Click Add > OK.

Hover your mouse over the Question (?) mark on the top right corner of the screen, and then select the corresponding item to open. Refer to the screenshot below:

^{Click the image to enlarge.}

The default display language of CAS console depends on the Preferred languages setting in your browser. To change it, you can just change Preferred languages setting in your browser. Refer to the links below for instructions in changing the preferred language of the browser:

• Google Chrome
• Microsoft Edge
• Mozilla Firefox

You may install Trend Micro Cloud App Security Add-On on your Splunk Enterprise by following the online help: Installing the Trend Micro Cloud App Security Splunk Add-On

Or you can also create your own Splunk app by utilizing CAS APIs if you are using other Splunk platforms: Supported Cloud App Security APIs