Views:

This article lists the most common inquiries on Cloud App Security Features that is not listed in common FAQ on the Online Help Center.

  1. Find the mail header specific to the type of mails you want to approve. Image below is a sample mail in Outook 2019:

    Sample Mail

    Click the image to enlarge.

  2. Locate the header name and value.
    Confirm the specific mail header exists in all mails of the type, or find a header specific to such mails by reviewing mail headers of all sample mails.
    In the Sample image from Step 1, which promotes PMP Certification Training, the header "List-Unsubscribe: <mailto:agileprojecttec-*>" exists in all such mails.
  3. Add the Approved Header Field.

    Approved Header field

    Click the image to enlarge.

Similarly, to bypass WRS check, configure the Approved Header Field List under Web Reputation:

Bypass WRS

Click the image to enlarge.

  1. Access CAS web console, and go to Logs.
  2. Specify search criteria to search for relevant log data, the click Save.

    Select Report Type

    Click the image to enlarge.

  3. Select Scheduled Report, then click Save.

    Save as  Scheduled Report

    Click the image to enlarge.

  4. Once a scheduled report is generated as scheduled, you can find it under Logs > Reports.

    Scheduled Reports

    Click the image to enlarge.

For more details, refer to the following links:

Configure CAS to bypass such mails by specific header inside:

  1. Ask the tool vendor for the specific mail header they inserted to the mails, for example, KnowBe4 adds the following header:
    "X-PHISHTEST: This is a phishing security test from KnowBe4 that has been authorized by the recipient organization"

    You may also find such header by collecting several mail samples and open their headers to check.

  2. On CAS admin portal, access Administration > Global Settings > Approved Header Field List for Exchange Online, select Enable approved header field list for Exchange Online and then add the specific header to the list. If the header is too long, you may choose "Contains" operator like below:
    Name: X-PHISHTEST Contains Value: This is a phishing
  3. Click Add > OK.
Hover your mouse over the Question (?) mark on the top right corner of the screen, and then select the corresponding item to open. Refer to the screenshot below:

Missing Banners

Click the image to enlarge.

The default display language of CAS console depends on the Preferred languages setting in your browser. To change it, you can just change Preferred languages setting in your browser. Refer to the links below for instructions in changing the preferred language of the browser:

You may install Trend Micro Cloud App Security Add-On on your Splunk Enterprise by following the online help: Installing the Trend Micro Cloud App Security Splunk Add-On

Or you can also create your own Splunk app by utilizing CAS APIs if you are using other Splunk platforms: Supported Cloud App Security APIs