Skip to end of metadata
  • Created by Former user , last modified by Former user on Sept 07, 2023
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Current »

Google Workspace (formerly known as Google Apps and later G Suite) is a collection of cloud computing, productivity, and collaboration tools, software, and products developed and marketed by Google. It consists of Gmail, Contacts, Calendar, Meet and Chat for communication. Devo provides a list of out-of-the-box detections that enable our customers to protect themselves against popular attacks against these environments.

 SecOpsGSuiteDriveExternallyShared

Adversaries may exfiltrate data to a cloud storage service rather than over their primary command and control channel.

Source table → cloud.gsuite.reports.drive

 SecOpsGSuiteLoginAccountWarning

An attacker could steal the credentials of one of your users.

Source table → cloud.gsuite.reports.login

 SecOpsGSuiteMobileSuspiciousActivity

An attacker could steal the credentials or the mobile device of one of your users.

Source table → cloud.gsuite.reports.mobile

 SecOpsGSuiteDriveOpenToPublic

An attacker may access data objects from improperly secured cloud storage.

Source table → cloud.gsuite.audit.drive

 SecOpsGSuite2SVDisabled

An adversary may attempt to disable the second factor authentication in order to weaken an organization’s security controls.

Source table → cloud.gsuite.reports.admin

 SecOpsGSuiteExcessiveOAuthPermissionsRequest

An adversary may steal application access tokens as a means of acquiring credentials to access remote systems and resources.

Source table → cloud.gsuite.reports.token

 SecOpsCDIocIpSuspiciousGSuiteData

This search looks for Collective Defense matches in GSuite data.

Source table → cloud.gsuite.reports

 SecOpsGSuiteUnauthorizedOAuthApp

Detects authentications from OAuth apps outside of your predefined list of approved OAuth applications.

Source table → cloud.gsuite.reports.token

 SecOpsGSuiteGovernmentAttackWarning

A government-backed attacker could try to steal a password or other personal information of one of your users by sending an email containing a harmful attachment, links to malicious software or to fake websites.

Source table → cloud.gsuite.alerts

 SecOpsGSuiteAcessTransparencyEvent

A Google Access Transparency log event has been generated. Google is accessing your data.

Source table → cloud.gsuite.reports.access_transparency

 SecOpsGSuiteDriveSuspiciousSharedFileName

Adversaries may send Spear Phishing emails with a malicious attachment or share malicious files by cloud storage services in an attempt to gain access to victim systems.

Source table → cloud.gsuite.reports.drive

  • No labels