Overview

Google Workspace (formerly known as Google Apps and later G Suite) is a collection of cloud computing, productivity, and collaboration tools, software, and products developed and marketed by Google. It consists of Gmail, Contacts, Calendar, Meet and Chat for communication. Devo provides a list of out-of-the-box detections that enable our customers to protect themselves against popular attacks against these environments.

SecOpsGSuiteDriveExternallyShared

Adversaries may exfiltrate data to a cloud storage service rather than over their primary command and control channel.

Source table → cloud.gsuite.reports.drive

SecOpsGSuiteLoginAccountWarning

An attacker could try to steal the credentials of one of your users by sending an email containing a harmful attachment, links to malicious software, or links to fake websites.

Source table → cloud.gsuite.reports.login

SecOpsGSuiteMobileSuspiciousActivity

An attacker could steal the credentials or the mobile device of one of your users.

Source table → cloud.gsuite.reports.mobile

SecOpsGSuiteDriveOpenToPublic

An attacker may access data objects from improperly secured cloud storage.

Source table → cloud.gsuite.audit.drive

SecOpsGSuite2SVDisabled

An adversary may attempt to disable the second factor authentication in order to weaken an organization’s security controls.

Source table → cloud.gsuite.reports.admin

SecOpsGSuiteExcessiveOAuthPermissionsRequest

An adversary may steal application access tokens as a means of acquiring credentials to access remote systems and resources.

Source table → cloud.gsuite.reports.token

SecOpsCDIocIpSuspiciousGSuiteData

This search looks for Collective Defense matches in GSuite data.

Source table → cloud.gsuite.reports

SecOpsGSuiteUnauthorizedOAuthApp

Detects authentications from OAuth apps outside of your predefined list of approved OAuth applications.

Source table → cloud.gsuite.reports.token

SecOpsGSuiteGovernmentAttackWarning

A government-backed attacker could try to steal a password or other personal information of one of your users by sending an email containing a harmful attachment, links to malicious software, or links to fake websites.

Source table → cloud.gsuite.alerts

...

SecOpsGSuiteAcessTransparencyEvent

A Google Access Transparency log event has been generated. Google is accessing your data.

Source table → cloud.gsuite.reports.access_transparency

SecOpsGSuiteDriveSuspiciousSharedFileName

Adversaries may send spear-phishing emails with a malicious attachment, or share malicious files through cloud storage services, in an attempt to gain access to victim systems.

Source table → cloud.gsuite.reports.drive