Google Workspace

Version: Google Workspace (formerly known as G Suite).

Google Workspace (formerly G Suite) is a package of cloud computing, productivity, and collaboration tools, software, and products developed by Google. Google Workspace comprises Gmail, Hangouts, Calendar, Docs, Sheets, Slides, Keep, Forms, Currents, Drive and Sites. Also, it consists of an admin panel and vault for managing users and services.

Netsurion Open XDR manages the logs retrieved from Google Workspace. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing the important and critical activities in Google Workspace.

The following are the key assets available in this Data Source Integration.

Alerts

TypeNameDescription
SecurityGoogle Workspace – Suspicious loginGenerated when a suspicious login activity has been detected in the Google Workspace account.
ComplianceGoogle Workspace – Login failureGenerated when a login failure activity has been detected in the Google Workspace account.

Reports

TypeNameDescription
OperationalGoogle Workspace – Login activitiesProvides details of all logins events that have happened in the Google Workspace account.
OperationalGoogle Workspace – Token logsProvides details of token activities like token generation for a user, validation, etc. in the Google Workspace account.
OperationalGoogle Workspace – Mobile activitiesProvides details of all the events that have occurred over mobile in the Google Workspace account.
OperationalGoogle Workspace – Admin activitiesProvides details of all the admin events that have occurred in the Google Workspace account.

Dashboards

TypeNameDescription
SecurityGoogle Workspace – Suspicious login by geolocationDisplays data of all the suspicious logins by the user’s geolocation.
ComplianceGoogle Workspace – Auth token usage by usernameDisplays multiple types of auth token methods used by username.
ComplianceGoogle Workspace – Login activitiesDisplays data of login activities of all the users in the Google Workspace account.
OperationalGoogle Workspace – Admin activities by usernameDisplays data of all the admin activities of users in the Google Workspace account.

Saved Searches

TypeNameDescription
OperationalGoogle Workspace – Admin activitiesProvides details of all the admin events that have occurred in the Google Workspace account.
OperationalGoogle Workspace – Login activitiesProvides details of all the login and logout events that have happened in the Google Workspace account.
OperationalGoogle Workspace – Mobile activitiesProvides details of all events that have occurred over mobile in the Google Workspace account.
OperationalGoogle Workspace – Token logsProvides details of token activities like token generation for a user, validation, etc. in the Google Workspace account.

Documentation

The configuration details are consistent with Netsurion Open XDR version 9.3 or later, and Google Workspace.

Download the Integration Guide for configuration instructions and more information.