Introduction

The tags beginning with cloud.gsuite identify events generated by Google Workspace (formerly Google G Suite).

...

The full tag must have four levels. The first two are fixed as cloud.gsuite and represent the technology and the brand. The third level corresponds to the service, while the fourth identifies the type of events sent.

...

Technology: cloud

Brand: gsuite

Service: alerts

Type:

  • activity_rule
  • appmaker_default_cloud_sql_setup
  • customer_takeout_initiated
  • data_loss_prevention
  • device_compromised
  • google_operations
  • government_attack_warning
  • leaked_password
  • malware_reclassification
  • misconfigured_whitelist
  • phising_reclassification
  • suspicious_message_reported
  • suspicious_login
  • suspicious_login_less_secure_app
  • suspicious_programmatic_login
  • suspended_spam_through_relay
  • suspended_suspicious_activity
  • suspicious_activity
  • super_admin_password_reset
  • user_reported_phising
  • user_reported_spam_spike
  • user_suspended
  • user_suspended_spam

Service: reports

Type:

  • access_transparency
  • admin
  • calendar
  • chat
  • data_studio
  • drive
  • gcp
  • gplus
  • groups
  • groups_entreprise
  • jamboard
  • login
  • meet
  • mobile
  • rules
  • saml
  • token
  • user_accounts

Service: audit

Type:

  • drive

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Google Workspace admin logs

cloud.gsuite.admin.alertcenter

cloud.gsuite.admin.alertcenter

Google Workspace alerts

cloud.

generic

gsuite.alerts

cloud.gsuite.alerts

cloud.gsuite.alerts.activity_rule

cloud.gsuite.alerts.activity_rule

cloud.gsuite.alerts.appmaker_default_cloud_sql_setup

cloud.gsuite.alerts.appmaker_default_cloud_sql_setup

cloud.gsuite.alerts.customer_takeout_initiated

cloud.gsuite.alerts.customer_takeout_initiated

cloud.gsuite.alerts.data_loss_prevention

cloud.gsuite.alerts.data_loss_prevention

cloud.gsuite.alerts.device_compromised

cloud.gsuite.alerts.device_compromised

cloud.gsuite.alerts.google_operations

cloud.gsuite.alerts.google_operations

cloud.gsuite.alerts.government_attack_warning

cloud.gsuite.alerts.government_attack_warning

cloud.gsuite.alerts.leaked_password

cloud.gsuite.alerts.leaked_password

cloud.gsuite.alerts.malware_reclassification

cloud.gsuite.alerts.malware_reclassification

cloud.gsuite.alerts.misconfigured_whitelist

cloud.gsuite.alerts.misconfigured_whitelist

cloud.gsuite.alerts.phising_reclassification

cloud.gsuite.alerts.phising_reclassification

cloud.gsuite.alerts.super_admin_password_reset

cloud.gsuite.alerts.

suspicious

super_admin_

message

password_

reported

reset

cloud.gsuite.alerts.suspicious_

message_reported

activity

cloud.gsuite.alerts.suspicious_activity

cloud.gsuite.alerts.suspicious_login

cloud.gsuite.alerts.suspicious_login

cloud.gsuite.alerts.suspicious_login_less_secure_app

cloud.gsuite.alerts.suspicious_login_less_secure_app

cloud.gsuite.alerts.suspicious_

programmatic

message_

login

reported

cloud.gsuite.alerts.suspicious_

programmatic

message_

login

reported

cloud.gsuite.alerts.

suspended

suspicious_

spam

programmatic_

through_relay

login

cloud.gsuite.alerts.

suspended

suspicious_

spam

programmatic_

through_relay

login

cloud.gsuite.alerts.

suspended

user_

suspicious

reported_

activity

phising

cloud.gsuite.alerts.

suspended

user_

suspicious

reported_

activity

phising

cloud.gsuite.alerts.

suspicious_activitycloud.gsuite.alerts.suspicious_activity

user_reported_spam_spike

cloud.gsuite.alerts.

super

user_

admin

reported_

password

spam_

reset

spike

cloud.gsuite.alerts.

super_admin_password_reset

user_suspended

cloud.gsuite.alerts.user_

reported_phising

suspended

cloud.gsuite.alerts.user_

reported_phisingcloud.gsuite.alerts.

suspended.user_

reported

suspended_spam

_spike

cloud.gsuite.alerts.user_suspended.user_

reported

suspended_spam

_spike

cloud.gsuite.alerts.user_suspended_spam_through_relay

cloud.gsuite.alerts.user_suspended_spam_through_relay

cloud.gsuite.alerts.user_suspended

.user

_

suspended

suspicious_

spam

activity

cloud.gsuite.alerts.user_suspended

.user

_

suspended_spam

suspicious_activity

Google Workspace reports

cloud.gsuite.reports

.generic

cloud.gsuite.reports

cloud.gsuite.reports.access_transparency

cloud.gsuite.reports.access_transparency

cloud.gsuite.reports.admin

cloud.gsuite.reports.admin

cloud.gsuite.reports.calendar

cloud.gsuite.reports.calendar

cloud.gsuite.reports.chat

cloud.gsuite.reports.chat

cloud.gsuite.reports.data_studio

cloud.gsuite.reports.data_studio

cloud.gsuite.reports.drive

cloud.gsuite.reports.drive

cloud.gsuite.reports.gcp

cloud.gsuite.reports.gcp

cloud.gsuite.reports.gplus

cloud.gsuite.reports.gplus

cloud.gsuite.reports.groups

cloud.gsuite.reports.groups

cloud.gsuite.reports.

gplus

groups_enterprise

cloud.gsuite.reports.

gplus

groups_enterprise

cloud.gsuite.reports.jamboard

cloud.gsuite.reports.jamboard

cloud.gsuite.reports.login

cloud.gsuite.reports.login

cloud.gsuite.reports.meet

cloud.gsuite.reports.meet

cloud.gsuite.reports.mobile

cloud.gsuite.reports.mobile

cloud.gsuite.reports.rules

cloud.gsuite.reports.rules

cloud.gsuite.reports.saml

cloud.gsuite.reports.saml

cloud.gsuite.reports.token

cloud.gsuite.reports.token

cloud.gsuite.reports.user_accounts

cloud.gsuite.reports.user_accounts

cloud.gsuite.audit.drive

cloud.gsuite.audit.drive

...