Page Comparison

...

Data Source	Description	API Endpoint	Collector service name	Devo Table	Available from release
Customer takeout initiated	DomainWideTakeoutInitiated \| Google Workspace Alert Center API \| Google Developers	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Customer takeout initiated`	`customer_takeout_initiated`	`cloud.gsuite.alerts.customer_takeout_initiated`	`v1.0.0`
Misconfigured whitelist	BadWhitelist \| Google Workspace Alert Center API \| Google Developers	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Misconfigured whitelist`	`misconfigured_whitelist`	`cloud.gsuite.alerts.misconfigured_whitelist`	`v1.0.0`
Malware reclassification	MailPhishing \| Google Workspace Alert Center API \| Google Developers	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Malware reclassification`	`malware_reclassification`	`cloud.gsuite.alerts.malware_reclassification`	`v1.0.0`
Phishing reclassification		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Phishing reclassification`	`phishing_reclassification`	`cloud.gsuite.alerts.phishing_reclassification`	`v1.0.0`
Suspicious message reported		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Suspicious message reported`	`suspicious_message_reported`	`cloud.gsuite.alerts.suspicious_message_reported`	`v1.0.0`
User reported phishing		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = User reported phishing`	`user_reported_phishing`	`cloud.gsuite.alerts.user_reported_phishing`	`v1.0.0`
User reported spam spike		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = User reported spam spike`	`user_reported_spam_spike`	`cloud.gsuite.alerts.user_reported_spam_spike`	`v1.0.0`
Leaked password	AccountWarning \| Google Workspace Alert Center API \| Google Developers	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Leaked password`	`leaked_password`	`cloud.gsuite.alerts.leaked_password`	`v1.0.0`
Suspicious login		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Suspicious login`	`suspicious_login`	`cloud.gsuite.alerts.suspicious_login`	`v1.0.0`
Suspicious login (less secure app)		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Suspicious login (less secure app)`	`suspicious_login_less_secure_app`	`cloud.gsuite.alerts.suspicious_login_less_secure_app`	`v1.0.0`
Suspicious programmatic login		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Suspicious programmatic login`	`suspicious_programmatic_login`	`cloud.gsuite.alerts.suspicious_programmatic_login`	`v1.0.0`
User suspended		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = User suspended`	`user_suspended`	`cloud.gsuite.alerts.user_suspended`	`v1.0.0`
User suspended (spam)		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = User suspended (spam)`	`user_suspended_spam`	`cloud.gsuite.alerts.user_suspended_spam`	`v1.0.0`
User suspended (spam through relay)		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = User suspended (spam through relay)`	`user_suspended_spam_through_relay`	`cloud.gsuite.alerts.user_suspended_spam_through_relay`	`v1.0.0`
User suspended (suspicious activity)		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = User suspended (suspicious activity)`	`user_suspended_suspicious_activity`	`cloud.gsuite.alerts.user_suspended_suspicious_activity`	`v1.0.0`
Google Operations	GoogleOperations \| Google Workspace Alert Center API \| Google Developers	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Google Operations`	`google_operations`	`cloud.gsuite.alerts.google_operations`	`v1.0.0`
Government attack warning	StateSponsoredAttack \| Google Workspace Alert Center API \| Google Developers	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Government attack warning`	`government_attack_warning`	`cloud.gsuite.alerts.government_attack_warning`	`v1.0.0`
Device compromised	DeviceCompromised \| Google Workspace Alert Center API \| Google Developers	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Device compromised`	`device_compromised`	`cloud.gsuite.alerts.device_compromised`	`v1.0.0`
Suspicious activity	SuspiciousActivity \| Google Workspace Alert Center API \| Google Developers	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Suspicious activity`	`suspicious_activity`	`cloud.gsuite.alerts.suspicious_activity`	`v1.0.0`
AppMaker Default Cloud SQL setup	AppMakerSqlSetupNotification \| Google Workspace Alert Center API \| Google Developers	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = AppMaker Default Cloud SQL setup`	`appmaker_default_cloud_sql_setup`	`cloud.gsuite.alerts.appmaker_default_cloud_sql_setup`	`v1.0.0`
Activity Rule	ActivityRule \| Google Workspace Alert Center API \| Google Developers	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Activity Rule`	`activity_rule`	`cloud.gsuite.alerts.activity_rule`	`v1.0.0`
Configuration Problem	https://developers.google.com/admin-sdk/alertcenter/reference/rest/v1beta1/VoiceMisconfiguration	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Configuration problem`	`configuration_problem`	`cloud.gsuite.alerts`	`v1.0.0`
Data Loss Prevention	DlpRuleViolation \| Google Workspace Alert Center API \| Google Developers	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Data Loss Prevention`	`data_loss_prevention`	`cloud.gsuite.alerts.data_loss_prevention`	`v1.3.0`
Apps outage	AppsOutage \| Google Workspace Alert Center API \| Google Developers	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Apps outage`	`apps_outage`	`cloud.gsuite.alerts`	`v1.3.0`
Primary admin changed	SensitiveAdminAction \| Google Workspace Alert Center API \| Google Developers	`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Primary admin changed`	`primary_admin_changed`	`cloud.gsuite.alerts`	`v1.3.0`
SSO profile added		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = SSO profile added`	`sso_profile_added`	`cloud.gsuite.alerts`	`v1.3.0`
SSO profile updated		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = SSO profile updated`	`sso_profile_updated`	`cloud.gsuite.alerts`	`v1.3.0`
SSO profile deleted		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = SSO profile deleted`	`sso_profile_deleted`	`cloud.gsuite.alerts`	`v1.3.0`
Super admin password reset		`https://alertcenter.googleapis.com/v1beta1/alerts` Parameter `alert_type = Super admin password reset`	`super_admin_password_reset`	`cloud.gsuite.alerts.super_admin_password_reset`	`v1.3.0`

For more information on how the events are parsed, visit our page.

Vendor setup

There are minimal requirements to setup this collector:

...

Version	Old Version 26	New Version 27
Changes made by	Former user	Former user
Saved on	Sept 14, 2022	Sept 20, 2022

Versions Compared

Key

Vendor setup