Sandstorm - finding suspicious files, not sending them for analysis

Question

Sandstorm is finding suspicious files, but not sending them for analysis:

Suspicious files 
 1 
 2 
 3

Excluded by policy 
 1 
 0 
 1

Awaiting result 
 0 
 0 
 0

Malicious 
 0 
 0 
 0

Clean 
 0 
 0 
 0

Sent for analysis 
 0 
 0 
 0

Average analysis time 
 - 
 - 
 -

The Sandbox Activity tab shows "There is no data to display. This page lists files that have been sent to Sandstorm for analysis." 
 Have I set up something incorrectly?

Tamas Bajaki · Accepted Answer

Hi James, 
 This is going to be very basic, but please confirm these just in case: you DO have an active Sandstorm license and you DO have the "Enable Sandstorm" option turned on at Email Protection > SMTP > Malware tab, right? 
 Kind regards, Niriel~

Tamas Bajaki · Answer

Hi James, 
 It seems like I overcomplicated things a bit... :) 
 Suspicious items will be detected and displayed on WebAdmin even if you don't have Sandstorm turned on or don't even have an active Sandstorm license in the first place, so you will be able to see if your traffic includes suspicious elements. Using that knowledge you can make the decision whether your system will benefit from using Sandstorm or not. 
 Having turned the feature on, you should now start seeing suspicious items being submitted for analysis and dealt with according to its result. I will await your reply! 
 Kind regards, Niriel~