Google Workspace

Version: Google Workspace (formerly known as G Suite).

Google Workspace (formerly known as Gsuite) is a suite of cloud computing, productivity and collaboration tools, software and products developed by Google Cloud. Google Workspace comprises Gmail, Hangouts, Calendar and Currents for communication; Drive for storage; Docs, Sheets, Slides, Keep, Forms, and Sites for productivity and collaboration and depending on the plan, an admin panel and vault for managing users and the services.

Netsurion's Open XDR platform helps to monitor events from Google Workspace. Its dashboard, alerts and reports will help you to track login activities, suspicious logins, admin, auth tokens and mobile activities to keep you informed about the system and its activities. It will trigger alert whenever user tries to login but fails or about any suspicious login detected to tackle security issues.

Netsurion Data Source Integration for Google Workspace allows you to monitor the following components: -

  • Security- Login failures, Suspicious Login.
  • Operation -Admin activities, Auth Token activities, Mobile activities
  • Compliance -Login and logout activities.

After the Google Workspace is configured to deliver events to the Netsurion's Open XDR platform, the dashboards and reports can be configured into Netsurion's Open XDR platform.

Some of the Data Source Integrations available in Netsurion are listed below.


Type Name Description
Security Google Workspace - Login failed This alert is generated when user fails to login.
Security Google Workspace - Suspicious login This alert is generated when any suspicious login is detected.


Type Name Description
Security Google Workspace - Login Failure This report gives information regarding all the login failures detected in Google Workspace. Reports contains IP address, logon type, username and other useful information for further analysis.
Operations Google Workspace - Admin Activities This report gives the information about the admin activities performed such as user creation, email log search, google chrome, hangout activities, etc. Reports contains IP address, username, customer id, log type and other fields which will be helpful for further investigation.
Operations Google Workspace - Mobile Activities This report gives the information about all the mobile activities such as device application change, OS update, device compliance status, device action, device ownership, device settings change etc. Reports contains user email, device ID, device type, device events, etc. which can be used for further investigation.
Operations Google Workspace - Token Activities This report gives information about all the OAuth token audit activity events like authorize and revoke. Reports contains IP address, application name which used the token, action as authorize or revoke and other useful details for further investigation.
Compliance Google Workspace - Login and Logout Activities This report gives information about all the login and logout activities detected in Google Workspace. Report contains IP address, username, action as logout, successful login or login failure, logon type and if the login is suspicious, and other useful information.


The configuration details are consistent with Netsurion's Open XDR platform version 9.2 or later, and Google Workspace.

Download Integration Guide,Google Workspace Integrator 3.0.1 and How-to Guide for more information and to configuration instructions.