Events Page

About the Events page

The Users > Events page in FortiMail Browser Security lets you view the FortiMail Browser Security events log, which records specific events that occurred on any device on which the extension is deployed. Logged events include activity such as:

  • attempts to access websites that are blocked [or "warned"] by policy restrictions

  • attempts to download files that have extensions that are blocked by policy restrictions

  • attempts to upload files

  • downloaded files that were blocked because they could not be scanned, either because they were too large or because they were password-protected

The events log also displays events that were performed on third-party extensions on end-user devices.

Note:

  • Successful attempts are not included in the log [except for successful login attempts and upload attempts - which are included].

  • The Events page shows activity events that are triggered by website rules and failed downloads. To see events that were triggered due to malicious content, see Scans.

For information about how to define policy restrictions, see Website Rules.

You can click the Export to CSV button [in the top-right corner of the Events page] to generate and download a CSV file that contains the displayed events.

Available events

Below is the full set of events that are logged in the events log. In addition, details of some of the events are shown below [Events - in detail].

Scenario

Event text

File scans

  • File not scanned

  • File scan failed

File uploads

  • Successful file upload

    Note: By default, successful upload attempts are not logged in the extension activity table; blocked upload attempts are logged. You can configure successful upload attempts to be logged as well. For details, see Audit file uploads.

  • File upload blocked

    Note: For information about how to configure whether or not blocked upload events are recorded, see Report events.

File downloads

  • File download blocked by policy

Website access

  • Malicious website blocked

  • User logged in to website

    Note: You can configure FortiMail Browser Security to not record website logins. For details, see Monitor login activity.

  • Website blocked by policy via category match

  • Website blocked by policy via domain match

  • User warned before accessing malicious website

  • User warned before accessing website by policy via category match

  • User warned before accessing website by policy via domain match

  • User bypassed warning about unsafe site

  • User reported detection issue

Third party extensions

  • Third party extension enabled

  • Third party extension installed

  • Third party extension uninstalled

  • Third party extension updated

  • Third party extension disabled by policy

  • Failed to disable third party extension

Sensitive data input

  • Sensitive data input

  • Paste-out blocked by policy

  • Printing blocked by policy

  • User reused password

Events - in detail

The two tables below show details of the events that are logged in the events log:

Blocked website activity - based on policy

| Event trigger | Activity title | Sample activity details |
|---|---|---|
| Attempted to access a URL that is included in a blocked domain | Website blocked by policy | Specific url is in block list: https://MyGamblingSite.com/ |
| Attempted to access a URL that is included in a "warned" domain | User warned before accessing website | The URL is included in a warned category: [Generative AI]. URL: https://chat.openai.com/auth/login |
| Attempted to access a URL that is included in a blocked category | Website blocked by policy | URL of category adult blocked: https://Acme-adult.com/hello |
| Attempted to download a file from a blocked domain [currently available using the downloadsBlackList advanced features only - not available in the UI] | File download blocked by policy | Download blocked as it originated in acme.com: DownloadFile.exe |
| Attempted to download a file that has a blocked extension | File download blocked by policy | Download blocked as it is of type exe: DownloadFile.exe |
| Attempted to upload a file. Permitted: User was permitted to upload a file to the specified URL-domain. (Note: By default, successful upload attempts are not logged in the extension activity table; blocked upload attempts are logged. You can configure successful upload attempts to be logged as well. For details, see Audit file uploads.) Blocked: User was prevented from uploading a file to the specified URL-domain. (Note: For information about how to configure whether or not blocked upload events are recorded, see Report events.) | Permitted: Successful file upload. Blocked: File upload blocked | Permitted: User uploaded the following file(s) to https://acme.com: Clean-file.doc. Blocked: The system blocked an attempt to upload the following file(s) to https://acme.com: Clean-file.doc |
| Attempted to paste out of a blocked domain | Paste-out blocked by policy | --- |
| Attempted to print from a blocked domain | Printing blocked by policy | --- |
| Website scan verdict is malicious | Malicious website blocked | --- |

Policy restrictions can be specified either in the Website Rules tab inside each policy or using advanced features. For information on how to define policy restrictions, see Website Rules.

Scans not completed on downloaded files

| Reason for event | Activity title | Sample activity details |
|---|---|---|
| File is too large | File not scanned | File VeryLargeFile.txt was downloaded. It was not scanned because it was too large. |
| File downloaded by a third-party browser extension | File not scanned | File downloaded by a browser extension was not scanned. |
| File is password protected | File scan failed | File Password-Protected.zip was downloaded. It was not scanned because it was password protected. |
| Unknown | No event is recorded | File Downloaded-file.png was downloaded, but the scan was not completed successfully. |
| File download scan verdict is malicious | | --- |
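
When the exported CSV is fed into a SIEM or a triage script, the free-text activity details can be split into fields such as URL, category, file name and reason. The following is an added example, not Fortinet code: its patterns are built from the sample activity details in the two tables above, and the CSV column names (`Activity title`, `Activity details`) and the `kind` labels are assumptions.

```python
import csv
import io
import re

# Patterns built from the sample activity details on this page; real log
# text may differ, so anything unmatched is returned as "unparsed".
PATTERNS = [
    ("domain_block", r"Specific url is in block list: (?P<url>\S+)"),
    ("category_warn", r"The URL is included in a warned category: "
                      r"\[(?P<category>[^\]]+)\]\. URL: (?P<url>\S+)"),
    ("category_block", r"URL of category (?P<category>.+?) blocked: (?P<url>\S+)"),
    ("download_origin", r"Download blocked as it originated in (?P<domain>\S+): (?P<file>.+)"),
    ("download_type", r"Download blocked as it is of type (?P<ext>\w+): (?P<file>.+)"),
    ("upload_ok", r"User uploaded the following file\(s\) to (?P<url>\S+): (?P<file>.+)"),
    ("upload_blocked", r"The system blocked an attempt to upload the following "
                       r"file\(s\) to (?P<url>\S+): (?P<file>.+)"),
    ("not_scanned", r"File (?P<file>.+) was downloaded\. It was not scanned "
                    r"because it was (?P<reason>too large|password protected)\."),
    ("not_scanned_ext", r"File downloaded by a browser extension was not scanned\."),
]
COMPILED = [(kind, re.compile(rx)) for kind, rx in PATTERNS]

def parse_details(details):
    """Split one activity-details string into (kind, extracted fields)."""
    for kind, rx in COMPILED:
        m = rx.fullmatch(details.strip())
        if m:
            return kind, m.groupdict()
    return "unparsed", {}

def normalize(csv_text, title_col="Activity title", details_col="Activity details"):
    """Parse an exported CSV; the column names are assumptions, not documented."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind, fields = parse_details(row[details_col])
        rows.append({"title": row[title_col], "kind": kind, **fields})
    return rows

# Constructed sample export that reuses the page's sample detail strings.
SAMPLE_CSV = """Activity title,Activity details
Website blocked by policy,Specific url is in block list: https://MyGamblingSite.com/
User warned before accessing website,The URL is included in a warned category: [Generative AI]. URL: https://chat.openai.com/auth/login
File download blocked by policy,Download blocked as it is of type exe: DownloadFile.exe
File scan failed,File Password-Protected.zip was downloaded. It was not scanned because it was password protected.
File not scanned,File downloaded by a browser extension was not scanned.
"""
if __name__ == "__main__":
    print(*normalize(SAMPLE_CSV), sep="\n")
```

Rows that come back as `unparsed` are worth counting after each export, since a rise in them indicates the detail text no longer matches these sample formats.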

Data retention

Events in the events log are maintained for 365 days.