Page Comparison

...

Introduction

The tags beginning with cloud.gsuite identify events generated by Google Workspace (formerly Google G Suite).

...

The full tag must have four levels. The first two are fixed as cloud.gsuiteand represent technology and brand. The third level corresponds to the service while the fourth identifies the type of events sent.

...

Technology

...

Brand

...

Service

...

Type

...

cloud

...

gsuite

...

alerts

...

activity_rule

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service	Tags	Data tables
Google Workspace admin logs	`cloud.gsuite.admin.alertcenter`	`cloud.gsuite.admin.alertcenter`
Google Workspace alerts	`cloud.gsuite.alerts`	`cloud.gsuite.alerts`
	`cloud.gsuite.alerts.activity_rule`	`cloud.gsuite.alerts.activity_rule`
	`cloud.gsuite.alerts.appmaker_default_cloud_sql_setup`

customer_
cloud.gsuite.alerts.appmaker_default_cloud_sql_setup
cloud.gsuite.alerts.customer_takeout_initiated
cloud.gsuite.alerts.customer_takeout_initiated
cloud.gsuite.alerts.data_loss_prevention
cloud.gsuite.alerts.data_loss_prevention
cloud.gsuite.alerts.device_compromised
cloud.gsuite.alerts.device_compromised
cloud.gsuite.alerts.google_operations
cloud.gsuite.alerts.google_operations
cloud.gsuite.alerts.government_attack_warning
leaked_password
malware_reclassification
Tag
Data table
cloud.gsuite.alerts.generic
cloud.gsuite.alerts
cloud.gsuite.alerts.government_attack_warning
cloud.gsuite.alerts.leaked_password
cloud.gsuite.alerts.leaked_password
cloud.gsuite.alerts.malware_reclassification
cloud.gsuite.alerts.malware_reclassification
cloud.gsuite.alerts.misconfigured_whitelist
cloud.gsuite.alerts.misconfigured_whitelist
cloud.gsuite.alerts.phising_reclassification
suspicious_message_reported
suspicious_login
suspicious_login_less_secure_app
suspicious_programmatic_login
suspended_spam_through_relay
suspended_suspicious_activity
suspicious_activity
super_admin_password_reset
user_reported_phising
user_reported_spam_spike
user_suspended
user_suspended_spam
reports
access_transparency
admin
calendar
chat
data_studio
drive
gcp
gplus
groups
groups_entreprise
jamboard
login
meet
mobile
rules
saml
token
user_accounts
audit
drive

These are the valid tags and corresponding data tables that will receive the parsers' data:

`cloud.gsuite.alerts.phising_reclassification`
`cloud.gsuite.alerts.super_admin_password_reset`	`cloud.gsuite.alerts.super_admin_password_reset`
`cloud.gsuite.alerts.suspicious_activity`	`cloud.gsuite.alerts.suspicious_activity`
`cloud.gsuite.alerts.suspicious_login`	`cloud.gsuite.alerts.suspicious_login`
`cloud.gsuite.alerts.suspicious_login_less_secure_app`	`cloud.gsuite.alerts.suspicious_login_less_secure_app`
`cloud.gsuite.alerts.suspicious_message_reported`	`cloud.gsuite.alerts.suspicious_message_reported`
`cloud.gsuite.alerts.`

activity
suspicious_programmatic_
rule
login
cloud.gsuite.alerts.
activity
suspicious_programmatic_
rule
login
cloud.gsuite.alerts.
appmaker
user_
default_cloud_sql_setup
reported_phising
cloud.gsuite.alerts.
appmaker
user_
default_cloud_sql_setup
reported_phising
cloud.gsuite.alerts.
customer
user_reported_
takeout
spam_
initiated
spike
cloud.gsuite.alerts.
customer
user_reported_
takeout
spam_
initiated
spike
cloud.gsuite.alerts.
data
user_
loss_prevention
suspended
cloud.gsuite.alerts.
data
user_
loss_prevention
suspended
cloud.gsuite.alerts
.device_compromised
.user_suspended.user_suspended_spam
cloud.gsuite.alerts
.device_compromised
.user_suspended.user_suspended_spam
cloud.gsuite.alerts.
google_operations
user_suspended_spam_through_relay
cloud.gsuite.alerts.
google_operations
user_suspended_spam_through_relay
cloud.gsuite.alerts.
government
user_suspended_
attack
suspicious_
warning
activity
cloud.gsuite.alerts.
government
user_suspended_
attack_warning
suspicious_activity
Google Workspace reports
cloud.gsuite.
alerts.leaked_password
reports
cloud.gsuite.reports
cloud.gsuite.
alerts
reports.
leaked
access_
password
transparency
cloud.gsuite.
alerts
reports.
malware
access_
reclassification
transparency
cloud.gsuite.
alerts
reports.
malware_reclassification
admin
cloud.gsuite.
alerts
reports.
misconfigured_whitelist
admin
cloud.gsuite.
alerts
reports.
misconfigured_whitelist
calendar
cloud.gsuite.
alerts
reports.
phising_reclassification
calendar
cloud.gsuite.
alerts
reports.
phising_reclassification
chat
cloud.gsuite.
alerts.suspicious_message_reported
reports.chat
cloud.gsuite.
alerts
reports.
suspicious
data_
message_reported
studio
cloud.gsuite.
alerts
reports.
suspicious
data_
login
studio
cloud.gsuite.
alerts
reports.
suspicious_login
drive
cloud.gsuite.
alerts.suspicious_login_less_secure_app
reports.drive
cloud.gsuite.
alerts.suspicious_login_less_secure_app
reports.gcp
cloud.gsuite.
alerts.suspicious_programmatic_login
reports.gcp
cloud.gsuite.
alerts.suspicious_programmatic_login
reports.gplus
cloud.gsuite.
alerts.suspended_spam_through_relay
reports.gplus
cloud.gsuite.
alerts.suspended_spam_through_relay
reports.groups
cloud.gsuite.
alerts.suspended_suspicious_activity
reports.groups
cloud.gsuite.
alerts
reports.
suspended
groups_
suspicious_activity
enterprise
cloud.gsuite.
alerts
reports.
suspicious
groups_
activity
enterprise
cloud.gsuite.
alerts
reports.
suspicious_activity
jamboard
cloud.gsuite.
alerts.super_admin_password_reset
reports.jamboard
cloud.gsuite.
alerts.super_admin_password_reset
reports.login
cloud.gsuite.
alerts.user_reported_phising
reports.login
cloud.gsuite.
alerts.user_reported_phising
reports.meet
cloud.gsuite.
alerts.user_reported_spam_spike
reports.meet
cloud.gsuite.
alerts.user_reported_spam_spike
reports.mobile
cloud.gsuite.
alerts
reports.
user_suspended
mobile
cloud.gsuite.
alerts.user_suspended
cloud.gsuite.alerts.user_suspended.user_suspended_spam
cloud.gsuite.alerts.user_suspended.user_suspended_spam
cloud.gsuite.reports.generic
reports.rules
cloud.gsuite.reports
cloud.gsuite.reports.access_transparency
.rules
cloud.gsuite.reports.
access_transparency
saml
cloud.gsuite.reports.
admin
saml
cloud.gsuite.reports.
admin
token
cloud.gsuite.reports.
calendar
token
cloud.gsuite.reports.
calendar
user_accounts
cloud.gsuite.reports.
chat
cloud.gsuite.reports.chat
cloud.gsuite.reports.data_studio
cloud.gsuite.reports.data_studio
cloud.gsuite.reports.drive
cloud.gsuite.reports.drive
cloud.gsuite.reports.gcp
cloud.gsuite.reports.gcp
cloud.gsuite.reports.groups
cloud.gsuite.reports.groups
cloud.gsuite.reports.gplus
cloud.gsuite.reports.gplus
cloud.gsuite.reports.jamboard
cloud.gsuite.reports.jamboard
cloud.gsuite.reports.login
cloud.gsuite.reports.login
cloud.gsuite.reports.meet
cloud.gsuite.reports.meet
cloud.gsuite.reports.mobile
cloud.gsuite.reports.mobile
cloud.gsuite.reports.rules
cloud.gsuite.reports.rules
cloud.gsuite.reports.saml
cloud.gsuite.reports.saml
cloud.gsuite.reports.token
cloud.gsuite.reports.token
cloud.gsuite.reports.user_accounts
cloud.gsuite.reports.user_accounts
cloud.gsuite.audit.drive
cloud.gsuite.audit.drive

Table structure

This is the set displayed by these tables.

...

Rw tab

title	Tables 1-5

[cloud.gsuite.alerts][cloud.gsuite.alerts.activity_rule][cloud.gsuite.alerts.appmaker_default_cloud_sql_setup][cloud.gsuite.alerts.customer_takeout_initiated][cloud.gsuite.alerts.data_loss_prevention]

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime_len

...

int4

...

-

...

startTime

...

timestamp

...

-

...

endTime_len

...

int4

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

str

...

-

...

startTime

...

str

...

-

...

endTime

...

str

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_name

...

str

...

-

...

data_displayName

...

str

...

-

...

data_description

...

str

...

-

...

data_windowSize

...

str

...

-

...

data_threshold

...

str

...

-

...

data_createTime

...

str

...

-

...

data_updateTime

...

str

...

-

...

data_triggerSource

...

str

...

-

...

data_supersededAlerts

...

str

...

-

...

data_supersedingAlert

...

str

...

-

...

data_actionNames

...

str

...

-

...

data_query

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime

...

timestamp

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_requestInfo

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime

...

timestamp

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_takeoutRequestId

...

str

...

-

...

data_email

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime_len

...

int4

...

-

...

startTime

...

timestamp

...

-

...

endTime_len

...

int4

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_ruleViolationInfo_ruleInfo_resourceName

...

str

...

-

...

data_ruleViolationInfo_ruleInfo_displayName

...

str

...

-

...

data_ruleViolationInfo_dataSource

...

str

...

-

...

data_ruleViolationInfo_trigger

...

str

...

-

...

data_ruleViolationInfo_triggeringUserEmail

...

str

...

-

...

data_ruleViolationInfo_recipients_str

...

str

...

-

...

data_ruleViolationInfo_resourceInfo_documentId

...

str

...

-

...

data_ruleViolationInfo_resourceInfo_resourceTitle

...

str

...

-

...

data_ruleViolationInfo_matchInfo_predefinedDetector_detectorName_str

...

str

...

-

...

data_ruleViolationInfo_triggeredActionTypes_str

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_updateTime

...

timestamp

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

timestamp

...

-

...

etag

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

Rw tab

title	Tables 6-10

[cloud.gsuite.alerts.device_compromised][cloud.gsuite.alerts.google_operations][cloud.gsuite.alerts.government_attack_warning][cloud.gsuite.alerts.leaked_password][cloud.gsuite.alerts.malware_reclassification]

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime

...

timestamp

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_email

...

str

...

-

...

data_events

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime

...

timestamp

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_title

...

str

...

-

...

data_description

...

str

...

-

...

data_affectedUserEmails

...

str

...

-

...

data_attachmentData_csv_headers

...

str

...

-

...

data_attachmentData_csv_dataRows

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime

...

timestamp

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_email

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime

...

timestamp

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_email

...

str

...

-

...

data_loginDetails_loginTime

...

str

...

-

...

data_loginDetails_ipAddress

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime

...

timestamp

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_domainId_customerPrimaryDomain

...

str

...

-

...

data_maliciousEntity_entity_emailAddress

...

str

...

-

...

data_maliciousEntity_entity_displayName

...

str

...

-

...

data_maliciousEntity_fromHeader

...

str

...

-

...

data_maliciousEntity_displayName

...

str

...

-

...

data_messages

...

str

...

-

...

data_isInternal

...

bool

...

-

...

data_systemActionType

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

Rw tab

title	tables 11-15

[cloud.gsuite.alerts.misconfigured_whitelist][cloud.gsuite.alerts.suspicious_message_reported][cloud.gsuite.alerts.suspicious_login][cloud.gsuite.alerts.suspicious_login_less_secure_app][cloud.gsuite.alerts.suspicious_programmatic_login]

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime

...

timestamp

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_domainId_customerPrimaryDomain

...

str

...

-

...

data_maliciousEntity_entity_emailAddress

...

str

...

-

...

data_maliciousEntity_entity_displayName

...

str

...

-

...

data_maliciousEntity_fromHeader

...

str

...

-

...

data_maliciousEntity_displayName

...

str

...

-

...

data_messages

...

str

...

-

...

data_sourceIp

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime

...

timestamp

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_domainId_customerPrimaryDomain

...

str

...

-

...

data_maliciousEntity_entity_emailAddress

...

str

...

-

...

data_maliciousEntity_entity_displayName

...

str

...

-

...

data_maliciousEntity_fromHeader

...

str

...

-

...

data_maliciousEntity_displayName

...

str

...

-

...

data_messages

...

str

...

-

...

data_isInternal

...

bool

...

-

...

data_systemActionType

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime

...

timestamp

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_email

...

str

...

-

...

data_loginDetails_loginTime

...

str

...

-

...

data_loginDetails_ipAddress

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime

...

timestamp

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_email

...

str

...

-

...

data_loginDetails_loginTime

...

str

...

-

...

data_loginDetails_ipAddress

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

devo_source_type

...

str

...

-

...

devo_alert_type

...

str

...

-

...

devo_data_type

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime

...

timestamp

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data_at_type

...

str

...

-

...

data_email

...

str

...

-

...

data_loginDetails_loginTime

...

str

...

-

...

data_loginDetails_ipAddress

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

deleted

...

bool

...

-

...

metadata_customerId

...

str

...

-

...

metadata_alertId

...

str

...

-

...

metadata_status

...

str

...

-

...

metadata_assignee

...

str

...

-

...

metadata_updateTime

...

str

...

-

...

metadata_severity

...

str

...

-

...

metadata_etag

...

str

...

-

...

updateTime

...

str

...

-

...

etag

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

Rw tab

title	Tables 16-20

[cloud.gsuite.alerts.super_admin_password_reset][cloud.gsuite.reports][cloud.gsuite.reports.access_transparency][cloud.gsuite.reports.admin][cloud.gsuite.reports.calendar]

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

customerId

...

str

...

-

...

alertId

...

str

...

-

...

createTime

...

timestamp

...

-

...

startTime_len

...

int4

...

-

...

startTime

...

timestamp

...

-

...

endTime_len

...

int4

...

-

...

endTime

...

timestamp

...

-

...

type

...

str

...

-

...

source

...

str

...

-

...

data__at_type

...

str

...

-

...

data__eventTime

...

timestamp

...

-

...

data__actorEmail

...

str

...

-

...

data__superAdminPasswordResetEvent__userEmail

...

str

...

-

...

securityInvestigationToolLink

...

str

...

-

...

metadata__customerId

...

str

...

-

...

metadata__alertId

...

str

...

-

...

metadata__status

...

str

...

-

...

metadata__updateTime

...

timestamp

...

-

...

metadata__etag

...

str

...

-

...

updateTime

...

timestamp

...

-

...

etag

...

str

...

-

...

at_devo_collector_version

...

int4

...

-

...

at_devo_source_type

...

str

...

-

...

at_devo_alert_type

...

str

...

-

...

at_devo_data_type

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_actor_home_office

...

str

...

-

...

ev_param_gsuite_product_name

...

str

...

-

...

ev_param_justifications

...

str

...

-

...

ev_param_log_id

...

str

...

-

...

ev_param_owner_email

...

str

...

-

...

ev_param_resource_name

...

str

...

-

...

ev_param_tickets

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_application_edition

...

str

...

-

...

ev_param_application_name

...

str

...

-

...

ev_param_group_email

...

str

...

-

...

ev_param_new_value

...

str

...

-

...

ev_param_old_value

...

str

...

-

...

ev_param_org_unit_name

...

str

...

-

...

ev_param_setting_name

...

str

...

-

...

ev_param_group_priorities

...

str

...

-

...

ev_param_domain_name

...

str

...

-

...

ev_param_managed_configuration_name

...

str

...

-

...

ev_param_mobile_app_package_id

...

str

...

-

...

ev_param_flashlight_edu_non_featured_services_selection

...

str

...

-

...

ev_param_field_name

...

str

...

-

...

ev_param_resource_identifier

...

str

...

-

...

ev_param_gateway_name

...

str

...

-

...

ev_param_app_id

...

str

...

-

...

ev_param_chrome_os_session_type

...

str

...

-

...

ev_param_device_serial_number

...

str

...

-

...

ev_param_printer_name

...

str

...

-

...

ev_param_role_name

...

str

...

-

...

ev_param_role_id

...

str

...

-

...

ev_param_privilege_name

...

str

...

-

...

ev_param_begin_date_time

...

str

...

-

...

ev_param_end_date_time

...

str

...

-

...

ev_param_application_enabled

...

str

...

-

...

ev_param_alert_name

...

str

...

-

...

ev_param_domain_alias

...

str

...

-

...

ev_param_domain_verification_method

...

str

...

-

...

ev_param_api_client_name

...

str

...

-

...

ev_param_api_scopes

...

str

...

-

...

ev_param_app_licenses_order_number

...

str

...

-

...

ev_param_chrome_num_licenses_purchased

...

int8

...

-

...

ev_param_play_for_work_token_id

...

str

...

-

...

ev_param_info_type

...

str

...

-

...

ev_param_play_for_work_mdm_vendor_name

...

str

...

-

...

ev_param_user_email

...

str

...

-

...

ev_param_rule_name

...

str

...

-

...

ev_param_secondary_domain_name

...

str

...

-

...

ev_param_email_log_search_msg_id

...

str

...

-

...

ev_param_quarantine_name

...

str

...

-

...

ev_param_setting_description

...

str

...

-

...

ev_param_email_log_search_end_date

...

str

...

-

...

ev_param_email_log_search_recipient

...

str

...

-

...

ev_param_email_log_search_sender

...

str

...

-

...

ev_param_email_log_search_smtp_recipient_ip

...

str

...

-

...

ev_param_email_log_search_smtp_sender_ip

...

str

...

-

...

ev_param_email_log_search_start_date

...

str

...

-

...

ev_param_end_date

...

str

...

-

...

ev_param_start_date

...

str

...

-

...

ev_param_user_defined_setting_name

...

str

...

-

...

ev_param_group_member_bulk_upload_failed_number

...

str

...

-

...

ev_param_group_member_bulk_upload_total_number

...

str

...

-

...

ev_param_whitelisted_groups

...

str

...

-

...

ev_param_product_name

...

str

...

-

...

ev_param_sku_name

...

str

...

-

...

ev_param_action_id

...

str

...

-

...

ev_param_action_type

...

str

...

-

...

ev_param_company_device_id

...

str

...

-

...

ev_param_device_id

...

str

...

-

...

ev_param_device_type

...

str

...

-

...

ev_param_distribution_entity_name

...

str

...

-

...

ev_param_distribution_entity_type

...

str

...

-

...

ev_param_mobile_certificate_common_name

...

str

...

-

...

ev_param_mobile_wireless_network_name

...

str

...

-

...

ev_param_new_permission_grant_state

...

str

...

-

...

ev_param_number_of_company_owned_devices

...

int8

...

-

...

ev_param_old_permission_grant_state

...

str

...

-

...

ev_param_permission_group_name

...

str

...

-

...

ev_param_asp_id

...

str

...

-

...

ev_param_birthdate

...

str

...

-

...

ev_param_bulk_upload_fail_users_number

...

str

...

-

...

ev_param_bulk_upload_total_users_number

...

str

...

-

...

ev_param_chrome_licenses_allowed

...

str

...

-

...

ev_param_chrome_licenses_enabled

...

str

...

-

...

ev_param_destination_user_email

...

str

...

-

...

ev_param_email_export_include_deleted

...

str

...

-

...

ev_param_email_export_package_content

...

str

...

-

...

ev_param_email_monitor_dest_email

...

str

...

-

...

ev_param_email_monitor_level_chat

...

str

...

-

...

ev_param_email_monitor_level_draft_email

...

str

...

-

...

ev_param_email_monitor_level_incoming_email

...

str

...

-

...

ev_param_email_monitor_level_outgoing_email

...

str

...

-

...

ev_param_gmail_reset_reason

...

str

...

-

...

ev_param_request_id

...

str

...

-

...

ev_param_search_query_for_dump

...

str

...

-

...

ev_param_service_name

...

str

...

-

...

ev_param_site_location

...

str

...

-

...

ev_param_site_name

...

str

...

-

...

ev_param_user_custom_field

...

str

...

-

...

ev_param_user_nickname

...

str

...

-

...

ev_param_web_address

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_access_level

...

str

...

-

...

ev_param_api_kind

...

str

...

-

...

ev_param_calendar_id

...

str

...

-

...

ev_param_grantee_email

...

str

...

-

...

ev_param_user_agent

...

str

...

-

...

ev_param_calendar_country

...

str

...

-

...

ev_param_calendar_description

...

str

...

-

...

ev_param_calendar_location

...

str

...

-

...

ev_param_calendar_timezone

...

str

...

-

...

ev_param_calendar_title

...

str

...

-

...

ev_param_event_id

...

str

...

-

...

ev_param_notification_message_id

...

str

...

-

...

ev_param_notification_method

...

str

...

-

...

ev_param_notification_type

...

str

...

-

...

ev_param_recipient_email

...

str

...

-

...

ev_param_subscriber_calendar_id

...

str

...

-

...

ev_param_end_time

...

int8

...

-

...

ev_param_event_title

...

str

...

-

...

ev_param_organizer_calendar_id

...

str

...

-

...

ev_param_start_time

...

int8

...

-

...

ev_param_event_guest

...

str

...

-

...

ev_param_event_response_status

...

str

...

-

...

ev_param_old_event_title

...

str

...

-

...

ev_param_remote_ews_url

...

str

...

-

...

ev_param_requested_period_end

...

int8

...

-

...

ev_param_requested_period_start

...

int8

...

-

...

ev_param_interop_error_code

...

str

...

-

...

ev_param_target_calendar_id

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

Rw tab

title	Tables 21-25

[cloud.gsuite.reports.chat][cloud.gsuite.reports.data_studio][cloud.gsuite.reports.drive][cloud.gsuite.reports.gcp]

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_dm_id

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_asset_id

...

str

...

-

...

ev_param_asset_name

...

str

...

-

...

ev_param_owner_email

...

str

...

-

...

ev_param_asset_type

...

str

...

-

...

ev_param_connector_type

...

str

...

-

...

ev_param_visibility

...

str

...

-

...

ev_param_data_export_type

...

str

...

-

...

ev_param_embedded_in_report_id

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_billable

...

bool

...

-

...

ev_param_destination_folder_id

...

str

...

-

...

ev_param_destination_folder_title

...

str

...

-

...

ev_param_doc_id

...

str

...

-

...

ev_param_doc_title

...

str

...

-

...

ev_param_doc_type

...

str

...

-

...

ev_param_originating_app_id

...

str

...

-

...

ev_param_owner

...

str

...

-

...

ev_param_owner_is_shared_drive

...

bool

...

-

...

ev_param_primary_event

...

bool

...

-

...

ev_param_shared_drive_id

...

str

...

-

...

ev_param_visibility

...

str

...

-

...

ev_param_source_folder_id

...

str

...

-

...

ev_param_source_folder_title

...

str

...

-

...

ev_param_new_value

...

str

...

-

...

ev_param_old_value

...

str

...

-

...

ev_param_sheets_import_range_recipient_doc

...

str

...

-

...

ev_param_old_visibility

...

str

...

-

...

ev_param_visibility_change

...

str

...

-

...

ev_param_target_domain

...

str

...

-

...

ev_param_added_role

...

str

...

-

...

ev_param_membership_change_type

...

str

...

-

...

ev_param_removed_role

...

str

...

-

...

ev_param_target

...

str

...

-

...

ev_param_new_settings_state

...

str

...

-

...

ev_param_old_settings_state

...

str

...

-

...

ev_param_shared_drive_settings_change_type

...

str

...

-

...

ev_param_target_user

...

str

...

-

...

ev_param_is_encrypted

...

bool

...

-

...

ev_param_actor_is_collaborator_account

...

bool

...

-

...

ev_param_owner_is_team_drive

...

bool

...

-

...

ev_param_team_drive_id

...

str

...

-

...

ev_param_unknown

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_user_email

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

Rw tab

title	Tables 26-30

[cloud.gsuite.reports.groups][cloud.gsuite.reports.gplus][cloud.gsuite.reports.jamboard][cloud.gsuite.reports.login][cloud.gsuite.reports.meet]

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_acl_permission

...

str

...

-

...

ev_param_group_email

...

str

...

-

...

ev_param_new_value_repeated

...

str

...

-

...

ev_param_old_value_repeated

...

str

...

-

...

ev_param_user_email

...

str

...

-

...

ev_param_basic_setting

...

str

...

-

...

ev_param_new_value

...

str

...

-

...

ev_param_old_value

...

str

...

-

...

ev_param_info_setting

...

str

...

-

...

ev_param_value

...

str

...

-

...

ev_param_new_members_restrictions_setting

...

str

...

-

...

ev_param_post_replies_setting

...

str

...

-

...

ev_param_spam_moderation_setting

...

str

...

-

...

ev_param_topic_setting

...

str

...

-

...

ev_param_message_id

...

str

...

-

...

ev_param_message_moderation_action

...

str

...

-

...

ev_param_status

...

str

...

-

...

ev_param_member_role

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_comment_resource_name

...

str

...

-

...

ev_param_plusone_context

...

str

...

-

...

ev_param_post_permalink

...

str

...

-

...

ev_param_post_resource_name

...

str

...

-

...

ev_param_post_visibility

...

str

...

-

...

ev_param_attachment_type

...

str

...

-

...

ev_param_post_author_name

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_affected_email_address

...

str

...

-

...

ev_param_login_timestamp

...

int8

...

-

...

ev_param_login_challenge_method

...

str

...

-

...

ev_param_login_failure_type

...

str

...

-

...

ev_param_login_type

...

str

...

-

...

ev_param_login_challenge_status

...

str

...

-

...

ev_param_is_second_factor

...

bool

...

-

...

ev_param_is_suspicious

...

bool

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_audio_recv_packet_loss_max

...

int8

...

-

...

ev_param_audio_recv_packet_loss_mean

...

int8

...

-

...

ev_param_audio_recv_seconds

...

int8

...

-

...

ev_param_audio_send_bitrate_kbps_mean

...

int8

...

-

...

ev_param_audio_send_packet_loss_max

...

int8

...

-

...

ev_param_audio_send_packet_loss_mean

...

int8

...

-

...

ev_param_audio_send_seconds

...

int8

...

-

...

ev_param_calendar_event_id

...

str

...

-

...

ev_param_conference_id

...

str

...

-

...

ev_param_device_type

...

str

...

-

...

ev_param_display_name

...

str

...

-

...

ev_param_duration_seconds

...

int8

...

-

...

ev_param_end_of_call_rating

...

int8

...

-

...

ev_param_endpoint_id

...

str

...

-

...

ev_param_identifier

...

str

...

-

...

ev_param_identifier_type

...

str

...

-

...

ev_param_ip_address

...

str

...

-

...

ev_param_is_external

...

bool

...

-

...

ev_param_location_country

...

str

...

-

...

ev_param_location_region

...

str

...

-

...

ev_param_meeting_code

...

str

...

-

...

ev_param_network_congestion

...

int8

...

-

...

ev_param_network_estimated_download_kbps_mean

...

int8

...

-

...

ev_param_network_estimated_upload_kbps_mean

...

int8

...

-

...

ev_param_network_recv_jitter_msec_max

...

int8

...

-

...

ev_param_network_recv_jitter_msec_mean

...

int8

...

-

...

ev_param_network_rtt_msec_mean

...

int8

...

-

...

ev_param_network_send_jitter_msec_mean

...

int8

...

-

...

ev_param_network_transport_protocol

...

str

...

-

...

ev_param_organizer_email

...

str

...

-

...

ev_param_product_type

...

str

...

-

...

ev_param_screencast_recv_bitrate_kbps_mean

...

int8

...

-

...

ev_param_screencast_recv_fps_mean

...

int8

...

-

...

ev_param_screencast_recv_long_side_median_pixels

...

int8

...

-

...

ev_param_screencast_recv_packet_loss_max

...

int8

...

-

...

ev_param_screencast_recv_packet_loss_mean

...

int8

...

-

...

ev_param_screencast_recv_seconds

...

int8

...

-

...

ev_param_screencast_recv_short_side_median_pixels

...

int8

...

-

...

ev_param_screencast_send_bitrate_kbps_mean

...

int8

...

-

...

ev_param_screencast_send_fps_mean

...

int8

...

-

...

ev_param_screencast_send_long_side_median_pixels

...

int8

...

-

...

ev_param_screencast_send_packet_loss_max

...

int8

...

-

...

ev_param_screencast_send_packet_loss_mean

...

int8

...

-

...

ev_param_screencast_send_seconds

...

int8

...

-

...

ev_param_screencast_send_short_side_median_pixels

...

int8

...

-

...

ev_param_video_recv_fps_mean

...

int8

...

-

...

ev_param_video_recv_long_side_median_pixels

...

int8

...

-

...

ev_param_video_recv_packet_loss_max

...

int8

...

-

...

ev_param_video_recv_packet_loss_mean

...

int8

...

-

...

ev_param_video_recv_seconds

...

int8

...

-

...

ev_param_video_recv_short_side_median_pixels

...

int8

...

-

...

ev_param_video_send_bitrate_kbps_mean

...

int8

...

-

...

ev_param_video_send_fps_mean

...

int8

...

-

...

ev_param_video_send_long_side_median_pixels

...

int8

...

-

...

ev_param_video_send_packet_loss_max

...

int8

...

-

...

ev_param_video_send_packet_loss_mean

...

int8

...

-

...

ev_param_video_send_seconds

...

int8

...

-

...

ev_param_video_send_short_side_median_pixels

...

int8

...

-

...

ev_param_livestream_view_page_id

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

Rw tab

title	Tables 31-35

[cloud.gsuite.reports.mobile][cloud.gsuite.reports.rules][cloud.gsuite.reports.saml][cloud.gsuite.reports.token][cloud.gsuite.reports.user_accounts]

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_apk_sha256_hash

...

str

...

-

...

ev_param_application_id

...

str

...

-

...

ev_param_application_state

...

str

...

-

...

ev_param_device_id

...

str

...

-

...

ev_param_device_model

...

str

...

-

...

ev_param_device_type

...

str

...

-

...

ev_param_ios_vendor_id

...

str

...

-

...

ev_param_new_value

...

str

...

-

...

ev_param_pha_category

...

str

...

-

...

ev_param_resource_id

...

str

...

-

...

ev_param_security_event_id

...

int8

...

-

...

ev_param_serial_number

...

str

...

-

...

ev_param_user_email

...

str

...

-

...

ev_param_account_state

...

str

...

-

...

ev_param_basic_integrity

...

str

...

-

...

ev_param_cts_profile_match

...

str

...

-

...

ev_param_os_version

...

str

...

-

...

ev_param_register_privilege

...

str

...

-

...

ev_param_security_patch_level

...

str

...

-

...

ev_param_os_edition

...

str

...

-

...

ev_param_policy_name

...

str

...

-

...

ev_param_policy_sync_result

...

str

...

-

...

ev_param_policy_sync_type

...

str

...

-

...

ev_param_value

...

str

...

-

...

ev_param_windows_syncml_policy_status_code

...

str

...

-

...

ev_param_action_execution_status

...

str

...

-

...

ev_param_action_id

...

str

...

-

...

ev_param_action_type

...

str

...

-

...

ev_param_device_compliance

...

str

...

-

...

ev_param_device_deactivation_reason

...

str

...

-

...

ev_param_old_value

...

str

...

-

...

ev_param_os_property

...

str

...

-

...

ev_param_device_ownership

...

str

...

-

...

ev_param_new_device_id

...

str

...

-

...

ev_param_device_setting

...

str

...

-

...

ev_param_risk_signal

...

str

...

-

...

ev_param_device_compromised_state

...

str

...

-

...

ev_param_failed_passwd_attempts

...

int4

...

-

...

ev_param_device_property

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_actor_ip_address

...

str

...

-

...

ev_param_data_source

...

str

...

-

...

ev_param_has_alert

...

bool

...

-

...

ev_param_matched_detectors

...

str

...

-

...

ev_param_matched_threshold

...

str

...

-

...

ev_param_matched_trigger

...

str

...

-

...

ev_param_resource_id

...

str

...

-

...

ev_param_resource_owner_email

...

str

...

-

...

ev_param_resource_recipients

...

str

...

-

...

ev_param_resource_title

...

str

...

-

...

ev_param_resource_type

...

str

...

-

...

ev_param_rule_name

...

str

...

-

...

ev_param_rule_resource_name

...

str

...

-

...

ev_param_rule_type

...

str

...

-

...

ev_param_scan_type

...

str

...

-

...

ev_param_severity

...

str

...

-

...

ev_param_suppressed_actions

...

str

...

-

...

ev_param_triggered_actions

...

str

...

-

...

ev_param_actions

...

str

...

-

...

ev_param_application

...

str

...

-

...

ev_param_drive_shared_drive_id

...

str

...

-

...

ev_param_has_content_match

...

bool

...

-

...

ev_param_matched_templates

...

str

...

-

...

ev_param_mobile_device_type

...

str

...

-

...

ev_param_mobile_ios_vendor_id

...

str

...

-

...

ev_param_resource_name

...

str

...

-

...

ev_param_rule_id

...

int8

...

-

...

ev_param_rule_update_time_usec

...

int8

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_application_name

...

str

...

-

...

ev_param_failure_type

...

str

...

-

...

ev_param_initiated_by

...

str

...

-

...

ev_param_orgunit_path

...

str

...

-

...

ev_param_saml_second_level_status_code

...

str

...

-

...

ev_param_saml_status_code

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_api_name

...

str

...

-

...

ev_param_app_name

...

str

...

-

...

ev_param_client_id

...

str

...

-

...

ev_param_client_type

...

str

...

-

...

ev_param_method_name

...

str

...

-

...

ev_param_num_response_bytes

...

int8

...

-

...

ev_param_product_bucket

...

str

...

-

...

ev_param_scope

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

✓

Rw tab

title	Tables 36

[cloud.gsuite.reports.drive]

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

hostname

...

str

...

-

...

devo_collector_version

...

int4

...

-

...

kind

...

str

...

-

...

id_time

...

timestamp

...

-

...

id_uniqueQualifier

...

str

...

-

...

id_applicationName

...

str

...

-

...

id_customerId

...

str

...

-

...

etag

...

str

...

-

...

actor_callerType

...

str

...

-

...

actor_email

...

str

...

-

...

actor_profileId

...

str

...

-

...

actor_key

...

str

...

-

...

ownerDomain

...

str

...

-

...

ipAddress

...

str

...

-

...

event_type

...

str

...

-

...

event_name

...

str

...

-

...

event_parameters

...

str

...

-

...

ev_param_billable

...

bool

...

-

...

ev_param_destination_folder_id

...

str

...

-

...

ev_param_destination_folder_title

...

str

...

-

...

ev_param_doc_id

...

str

...

-

...

ev_param_doc_title

...

str

...

-

...

ev_param_doc_type

...

str

...

-

...

ev_param_originating_app_id

...

str

...

-

...

ev_param_owner

...

str

...

-

...

ev_param_owner_is_shared_drive

...

bool

...

-

...

ev_param_primary_event

...

bool

...

-

...

ev_param_shared_drive_id

...

str

...

-

...

ev_param_visibility

...

str

...

-

...

ev_param_source_folder_id

...

str

...

-

...

ev_param_source_folder_title

...

str

...

-

...

ev_param_new_value

...

str

...

-

...

ev_param_old_value

...

str

...

-

...

ev_param_sheets_import_range_recipient_doc

...

str

...

-

...

ev_param_old_visibility

...

str

...

-

...

ev_param_visibility_change

...

str

...

-

...

ev_param_target_domain

...

str

...

-

...

ev_param_added_role

...

str

...

-

...

ev_param_membership_change_type

...

str

...

-

...

ev_param_removed_role

...

str

...

-

...

ev_param_target

...

str

...

-

...

ev_param_new_settings_state

...

str

...

-

...

ev_param_old_settings_state

...

str

...

-

...

ev_param_shared_drive_settings_change_type

...

str

...

-

...

ev_param_target_user

...

str

...

-

...

ev_param_is_encrypted

...

bool

...

-

...

ev_param_actor_is_collaborator_account

...

bool

...

-

...

ev_param_owner_is_team_drive

...

bool

...

-

...

ev_param_team_drive_id

...

str

...

-

...

ev_param_unknown

...

str

...

-

...

hostchain

...

str

...

✓

...

tag

...

str

...

✓

...

rawMessage

...

str

...

user_accounts

Versions Compared

Old Version 6

New Version Current

Key

Introduction

Table structure

`cloud.gsuite.alerts.appmaker_default_cloud_sql_setup`
`cloud.gsuite.alerts.customer_takeout_initiated`	`cloud.gsuite.alerts.customer_takeout_initiated`
`cloud.gsuite.alerts.data_loss_prevention`	`cloud.gsuite.alerts.data_loss_prevention`
`cloud.gsuite.alerts.device_compromised`	`cloud.gsuite.alerts.device_compromised`
`cloud.gsuite.alerts.google_operations`	`cloud.gsuite.alerts.google_operations`
`cloud.gsuite.alerts.government_attack_warning`

`cloud.gsuite.alerts.government_attack_warning`
`cloud.gsuite.alerts.leaked_password`	`cloud.gsuite.alerts.leaked_password`
`cloud.gsuite.alerts.malware_reclassification`	`cloud.gsuite.alerts.malware_reclassification`
`cloud.gsuite.alerts.misconfigured_whitelist`	`cloud.gsuite.alerts.misconfigured_whitelist`
`cloud.gsuite.alerts.phising_reclassification`

`suspicious_activity`
Google Workspace reports	`cloud.gsuite.`