Reporting
View, filter, and manage scan logs and Audit Trail events
Overview
The Reporting page provides filterable views for File Scan Logs, URL Scan Logs, and Audit Trail events. Use it to investigate security events, review scan history, restore or block URLs, release quarantined files, and review operational activity.
Accessing Reporting
Click the Reporting tab in the bowbridge Anti Virus for Salesforce app.
Reporting Areas
File Scan Logs show file scanning activity from uploads, downloads, test scans, and administrative release actions.
Common columns:
| Column | Description |
|---|---|
| Logging Date | When the log entry was created |
| Filename | Name of the scanned file |
| File Size | Size of the scanned file |
| MIME Type | Detected MIME type |
| Duration | Time needed for the scan |
| Scan Result | Clean, blocked, malicious, or policy related result |
| Scanned On | Upload, download, or another scan trigger |
| Scanned Location | Salesforce location where the file was scanned |
| Protection Profile | Profile used for the scan |
| IP Address | IP address related to the scan event |
| Audit Info | Additional audit details |
| Automatic Action | Action taken by the system |
Row actions can release quarantined files when the user has the required access. Releasing a file creates a new log entry.
URL Scan Logs show scanned URLs, scan results, threat information, and actions taken by URL scanning or Click Protection.
Common columns:
| Column | Description |
|---|---|
| Logging Date | When the log entry was created |
| Scanned URL | The URL that was scanned |
| Scan Result (Security) | Security score classification |
| Scan Result (Productivity) | Productivity score classification |
| Action Taken | Action applied by the system (e.g. block, allow) |
| Source Object | Salesforce object type where the URL was found |
| Source Field | Field on the object that contained the URL |
| Source Record | Link to the Salesforce record |
| User | User who triggered the scan |
| IP Address | IP address related to the scan event |
| Categories | Content categories detected for the URL (e.g. Malware & Threats, Gambling) |
| Matched Block Rule | Block rule that triggered the block action, highlighted in red when active |
The search bar also searches Categories and Matched Block Rule.
Row actions can include:
| Action | Description |
|---|---|
| Restore URL | Writes the original URL back into the source record field |
| Block URL | Blocks a URL and can update allow or block list settings based on the selected options |
| Add to Allowed URLs | Adds the URL to the selected profile allow list during restore |
| Remove from Blocked URLs | Removes the URL from the selected profile block list during restore |
Audit Trail shows operational events such as configuration changes, warnings, errors, license issues, and critical activity. These entries help administrators investigate what changed and when.
Common columns:
| Column | Description |
|---|---|
| Timestamp | When the event happened |
| Category | Area of the product related to the event |
| Event Type | Type of event such as configuration change, warning, error, or info |
| Severity | Critical, warning, or info |
| Title | Short event title |
| Message | Event details |
| Source | Product area that created the event |
| IP Address | Related IP address when available |
| Resolved | Whether the event has been marked as resolved |
Working With Large Result Sets
Each table supports refresh, sorting, active filter clearing, record counts, and infinite loading. Use date filters and search terms to narrow large investigations.
Exports
Dashboard CSV export provides scan log files for File Scan Logs and URL Scan Logs. See Dashboard for PDF and CSV export details.
Retention
Reporting data is controlled by Log Settings. File Scan Logs, URL Scan Logs, and Audit Trail entries each have separate retention and max entry values.