||Timeframe during the security events occurred: previous 60 minutes, 24 hours, 7 days, 30 days, or 12 months.
||State of the security events: these can be new events, remediated events, exceptions, or dismissed events.
||Security types: DLP, Malware, Malicious, Phishing, Anomaly, Suspicious, Shadow IT, Alert, or Spam.
||Severity level of the security events: Critical, High, Medium, Low, or Lowest.
||All active cloud applications (Office 365 Emails, Gmail, etc.)
||Tool that identified the threat (Anti-phishing, DLP, Advanced Threat Protection)
||Search for specific events based on the information available for the events.
||Take action on a selection group of security events.