Why Do Scans Appear as User Download Activity?

Cisco Cloudlock's scans of a customer environment are seen as "User Downloads”, as Cloudlock utilizes user impersonation logins to access and scan queued files. The files are not actually stored by Cloudlock; only access content and metadata needed for Incident creation (e.g. owner, ACL, activity history, match excerpts, etc.) will be retained in any capacity. This download scan action does not appear in the Activity feed, as Cloudlock filters this information out by recognizing its own source IP.
However, sometimes Google does not properly report the activity and does not provide the source IP address. When this happens, Cloudlock cannot recognize and filter out its own activity, and it will display within the customer's activity feed as a User Download.

Why Do Scans Appear as User Download Activity?


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.