• Cloud App Security
• Understanding Cloud App Security
• Configuring Cloud App Security
  • Subscribing to Cloud App Security
  • Activating Cloud Applications for Cloud App Security
  • Activating Dropbox for Cloud App Security
• Managing Quarantine for Box
  • Setting Up a Quarantine Folder for Dropbox
  • Using the Quarantine Page
  • Using the Quarantined File Creator Dashboard
  • Managing Quarantine for Dropbox
  • Managing Restore Requests
• Using the SonicWall Cloud App Security Dashboard
  • Using the Security Events Widgets
    • Changing a Security Event Widget to an Alert or Custom Query
    • Resetting a Security Event Widget
    • Hiding a Security Event Widget
    • Configuring Security Event Widget Custom Queries
    • Adjusting the Time Scale
  • Viewing the Summary of Security Events
  • Viewing Login Events
  • Viewing Secured Applications
  • Viewing the Scanned Files Summary
• Managing Security Events
  • Using the Security Event Graphs
    • Viewing Security Events by Severity
    • Viewing Security Events by State
    • Viewing Security Events by Cloud Application
  • Viewing and Acting on Security Events
    • Removing Filters
    • Acting on Security Events
  • Managing Multiple Events
• Managing Policies
  • Understanding Cloud App Security Policies
    • Monitor only
    • Detect and Prevent
  • Creating New Policy Rules
    • Creating Data Leak Protection Policy Rules
    • Creating Malware Policy Rules
    • Creating Threat Detection Policy Rules
    • Creating Custom Query Policies
  • Stopping Policy Rules
  • Removing Policy Rules
• Using Data Leak Protection
  • Configuring Data Leak Protection Detection Rules
  • Reactivating Data Leak Protection
  • Predefined Data Leak Protection Policy Rules
    • Global Rules
    • Credentials and Secrets
    • Predefined Data Leak Protection Rules for Specific Countries
      • Argentina
      • Australia
      • Belgium
      • Brazil
      • Canada
      • Chile
      • China
      • Columbia
      • Denmark
      • Finland
      • France
      • Germany
      • Hong Kong
      • India
      • Indonesia
      • Ireland
      • Israel
      • Italy
      • Japan
      • Korea
      • Mexico
      • The Netherlands
      • Norway
      • Paraguay
      • Peru
      • Poland
      • Portugal
      • Singapore
      • Spain
      • Sweden
      • Taiwan
      • Thailand
      • Turkey
      • United Kingdom
      • United States
      • Uruguay
      • Venezuela
• Using Cloud App Security Analytics
  • Viewing the Summary Report
  • Viewing the Weekly Reports
  • Viewing Dropbox Analytics
  • Viewing Shadow SaaS Analytics
  • Viewing and Creating Custom Queries
    • Creating Custom Queries
    • Adding Custom Queries to the Dashboard
• Configuring Cloud Applications in the Cloud App Store
  • Configuring Box for Cloud App Security
  • Re-Authorizing Cloud Applications
• Managing Security Applications in the Security App Store
  • Starting Security Applications
  • Stopping Security Applications
• Managing Security Tool Exceptions
• Using the System Log
  • Viewing the System Log
  • Exporting the System Log
• Managing Cloud App Security Licenses
  • Adding Administrator Users
  • Adding Read-Only Users
  • Unassigning Cloud App Security Licenses
• SonicWall Support
  • About This Document

Understanding Anomalies

One threat individuals in your organization can face is the takeover of their account(s). SonicWall Cloud App Security can detect this by analyzing unusual behavior an account user, such:

• logins to an account from new browsers, devices, or locations
• suspicious email activity or configurations, such as deleting all incoming email messages or forwarding messages to an external account or domain
• email account configurations that are insecure or make extensive use of filters, forwarding, or secondary accounts
• accounts where two-factor authentication has been disabled
• suspicious internal emails, often with multiple recipients
• multiple account password resets within an unusually short period of time
• changes in the grouping of contacts in emails messages or mailing lists
• changes in the usual characteristics of user sessions (such as the time of day, length of login session, or applications used)

• Managing Anomaly Exceptions