McAfee Enterprise MVISION Cloud

Activities Processed in Real Time

The Threat Protection pipeline processes events in two separate streams: the real-time stream and the batch stream. User activities relevant to data exfiltration are processed in the real-time stream, and everything else is processed in the batch stream.

The following activities are processed in the real-time stream, listed by service.

Amazon Web Services

| Activity Name | Activity Category | Source |
|---|---|---|
| AttachInternetGateway | Administration | API |
| AttachLoadBalancerToSubnets | Administration | API |
| AttachNetworkInterface | Administration | API |
| AttachRolePolicy | Administration | API |
| AttachUserPolicy | Administration | API |
| AttachVolume | Administration | API |
| AttachVpnGateway | Administration | API |
| AuthorizeSecurityGroupEgress | Administration | API |
| CheckMfa | Administration | API |
| CreateAccessKey | Administration | API |
| CreateVpcEndpoint | Administration | API |
| CreateVpcPeeringConnection | Administration | API |
| CreateVpnConnection | Administration | API |
| CreateVpnConnectionRoute | Administration | API |
| CreateVpnGateway | Administration | API |
| DeactivateMFADevice | Administration | API |
| DeactivatePipeline | Administration | API |
| Decrypt | Administration | API |
| DeleteNetworkAcl | Administration | API |
| DeleteNetworkAclEntry | Administration | API |
| Encrypt | Administration | API |
| GenerateCredentialReport | Administration | API |
| GetAccountAuthorizationDetails | Administration | API |
| GetAccountSettings20160819 | Administration | API |
| GetAuthorizationToken | Administration | API |
| GetAuthorizers | Administration | API |
| ListRoots | Administration | API |
| ListSecurityConfigurations | Administration | API |
| ListServerCertificates | Administration | API |
| ListSSHPublicKeys | Administration | API |
| ListWebACLs | Administration | API |
| StopLogging | Administration | API |
| UpdateServiceSpecificCredential | Administration | API |
| UpdateSSHPublicKey | Administration | API |
| UploadServerCertificate | Administration | API |
| UploadSSHPublicKey | Administration | API |
| CopyDBSnapshot | Data Download | API |
| CopyImage | Data Download | API |
| CopySnapshot | Data Download | API |
| DownloadDBLogFilePortion | Data Download | API |
| GenerateClientCertificate | Data Download | API |
| GenerateDataKey | Data Download | API |
| GenerateDataKeyWithoutPlaintext | Data Download | API |
| GetApiKey | Data Download | API |
| GetApiKeys | Data Download | API |
| GetBucketAcl | Data Download | API |
| GetClientCertificates | Data Download | API |
| GetClusterCredentials | Data Download | API |
| GetIdentityMailFromDomainAttributes | Data Download | API |
| GetKeyPairs | Data Download | API |
| GetSSHPublicKey | Data Download | API |
| GitPull | Data Download | API |
| ImportImage | Data Download | API |
| DOWNLOAD | Data Download | Proxy/SSL Logs, API |

Azure AD

| Activity Name | Activity Category | Source |
|---|---|---|
| Reset user password | Administration | API |
| Set domain authentication | Administration | API |
| Verify email verified domain | Administration | API |
| Viral tenant creation | Administration | API |
| Update external secrets | Data Updates | API |
| Password logon initial auth using password | Login Success | API |
| DOWNLOAD | Data Download | Proxy/SSL Logs |

Box

| Activity Name | Activity Category | Source |
|---|---|---|
| Folder Copy | Data Access | API |
| Download File | Data Download | Proxy/SSL Logs, API |
| Download Folder | Data Download | API |
| Admin Login | Login Success | API |
| DOWNLOAD | Service Usage | Proxy/SSL Logs |

Dropbox

| Activity Name | Activity Category | Source |
|---|---|---|
| File/Folder Copy | Data Access | Proxy/SSL Logs |
| DOWNLOAD | Data Download | Proxy/SSL Logs |
| Download File | Data Download | Proxy/SSL Logs |
| Download Folder/Files as ZIP | Data Download | Proxy/SSL Logs |
| Restored Versioned File | Data Download | Proxy/SSL Logs |

Dropbox for Business

| Activity Name | Activity Category | Source |
|---|---|---|
| Changed single sign-on identity mode | Administration | API |
| Changed single sign-on url | Administration | API |
| Disabled single sign-on | Administration | API |
| Disabled two-step verification | Administration | API |
| Removed single sign-on url | Administration | API |
| Removed two-step verification backup phone | Administration | API |
| Transferred account contents | Administration | API |
| Updated single sign-on certificate | Administration | API |
| File Copied | Data Access | API |
| Allowed non collaborators to view links to files in a shared folder | External Data Sharing | API |
| Copied the contents of a link to their Dropbox (non-team member) | External Data Sharing | API |
| Downloaded the contents of a link (non-team member) | External Data Sharing | API |
| Invited non-team member(s) to a shared folder | External Data Sharing | API |
| Made the contents of a link visible to anyone with the link | External Data Sharing | API |
| Failed to sign in via SSO | Login Failure | API |
| download_files | Service Usage | API |

Exchange Online

| Activity Name | Activity Category | Source |
|---|---|---|
| Disable-MalwareFilterRule | Administration | API |
| Remove-DlpPolicy | Administration | API |
| Remove-MalwareFilterPolicy | Administration | API |
| Remove-MalwareFilterRule | Administration | API |
| Set-MalwareFilterPolicy | Administration | API |
| Set-MalwareFilterRule | Administration | API |
| Set-RoleGroup | Administration | API |
| Set-SharingPolicy | Administration | API |
| Copy item to folder | Data Access | API |
| Mailbox is accessed by an admin or delegate | Data Access | API |
| Mailbox login | Login Success | API |

Google Drive

| Activity Name | Activity Category | Source |
|---|---|---|
| DOWNLOAD | Service Usage | API |
| Download File | Service Usage | API |

Office 365

| Activity Name | Activity Category | Source |
|---|---|---|
| Yammer-Download File | Data Download | Proxy/SSL Logs |
| FileDownloaded | Service Usage | API |
| FileSyncDownloadedFull | Service Usage | API |
| FileSyncDownloadedPartial | Service Usage | API |
| DOWNLOAD | Data Download | Proxy/SSL Logs |

OneDrive

| Activity Name | Activity Category | Source |
|---|---|---|
| Update User Permissions | Administration | Proxy/SSL Logs |
| Copy File | Data Access | Proxy/SSL Logs |
| Copy Folder | Data Access | Proxy/SSL Logs |
| Download Word Document as PDF/PPT/ODT | Data Download | Proxy/SSL Logs |
| Download Workbook | Data Download | Proxy/SSL Logs |
| Download File | Data Download | Proxy/SSL Logs |
| Site collection admin added | Administration | API |
| WAC token shared | Administration | API |
| File copied | Data Access | API |
| File changes downloaded to computer | Data Download | API |
| File downloaded | Data Download | API |
| Files downloaded to computer | Data Download | API |

SharePoint

| Activity Name | Activity Category | Source |
|---|---|---|
| DOWNLOAD | Service Usage | Proxy/SSL Logs |
| Site collection admin added | Administration | API |
| WAC token shared | Administration | API |
| File copied | Data Access | API |
| File changes downloaded to computer | Data Download | API |
| File downloaded | Data Download | API |
| Files downloaded to computer | Data Download | API |

Salesforce

| Activity Name | Activity Category | Source |
|---|---|---|
| Create Delegated Administrators | Administration | Proxy/SSL Logs, API |
| Create Login IP Range of Profile | Administration | Proxy/SSL Logs, API |
| Create NetworkAccess Entry | Administration | Proxy/SSL Logs, API |
| Create Permission Sets | Administration | Proxy/SSL Logs, API |
| Create PermissionSet | Administration | Proxy/SSL Logs, API |
| Deactivate User | Administration | Proxy/SSL Logs, API |
| Delete Group | Administration | Proxy/SSL Logs, API |
| Delete Login IP Range of Profile | Administration | Proxy/SSL Logs, API |
| Delete NetworkAccess Entry | Administration | Proxy/SSL Logs, API |
| Delete PermissionSet | Administration | Proxy/SSL Logs, API |
| Delete Role/Sub Role | Administration | Proxy/SSL Logs, API |
| Download Setup Audit Trail | Administration | Proxy/SSL Logs, API |
| Edit NetworkAccess Entry | Administration | Proxy/SSL Logs, API |
| Inline Delete Permission Sets | Administration | Proxy/SSL Logs, API |
| Manage Delegated Groups | Administration | Proxy/SSL Logs, API |
| Mass Delete | Administration | Proxy/SSL Logs, API |
| Remove Delegated Group | Administration | Proxy/SSL Logs, API |
| Create Attachment | Data Access | Proxy/SSL Logs, API |
| List Account | Data Access | Proxy/SSL Logs, API |
| List Contact | Data Access | Proxy/SSL Logs, API |
| List Contract | Data Access | Proxy/SSL Logs, API |
| List Opportunity | Data Access | Proxy/SSL Logs, API |
| View Account | Data Access | Proxy/SSL Logs, API |
| View Accounts | Data Access | Proxy/SSL Logs, API |
| View Attached File | Data Access | Proxy/SSL Logs, API |
| View Attachment | Data Access | Proxy/SSL Logs, API |
| View Contact | Data Access | Proxy/SSL Logs, API |
| View Contacts | Data Access | Proxy/SSL Logs, API |
| View Contract | Data Access | Proxy/SSL Logs, API |
| View Contracts | Data Access | Proxy/SSL Logs, API |
| View Leads | Data Access | Proxy/SSL Logs, API |
| View Opportunities | Data Access | Proxy/SSL Logs, API |
| Chatter File Download | Data Download | Proxy/SSL Logs, API |
| Data Exported | Data Download | Proxy/SSL Logs, API |
| Download Doc | Data Download | Proxy/SSL Logs, API |
| Download Preview | Data Download | Proxy/SSL Logs, API |
| Download Saved Report | Data Download | Proxy/SSL Logs, API |
| Login | Login Success | Proxy/SSL Logs, API |
| Download Ad-hoc Report | Report Execution | Proxy/SSL Logs, API |
| Document Attachment Downloads | Service Usage | API |
| DOWNLOAD | Service Usage | Proxy/SSL Logs, API |

Slack

| Activity Name | Activity Category | Source |
|---|---|---|
| Channel Created | Administration | API |
| Download File | Data Download | Proxy/SSL Logs |
| File Downloaded | Data Download | Proxy/SSL Logs |
