Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Current »

Google Workspace (formerly known as Google Apps and later G Suite) is a collection of cloud computing, productivity, and collaboration tools, software, and products developed and marketed by Google. It consists of Gmail, Contacts, Calendar, Meet and Chat for communication. Devo provides a list of out-of-the-box detections that enable our customers to protect themselves against popular attacks against these environments.

 SecOpsGSuiteDriveExternallyShared

Adversaries may exfiltrate data to a cloud storage service rather than over their primary command and control channel.

Source table → cloud.gsuite.reports.drive

 SecOpsGSuiteLoginAccountWarning

An attacker could steal the credentials of one of your users.

Source table → cloud.gsuite.reports.login

 SecOpsGSuiteMobileSuspiciousActivity

An attacker could steal the credentials or the mobile device of one of your users.

Source table → cloud.gsuite.reports.mobile

 SecOpsGSuiteDriveOpenToPublic

An attacker may access data objects from improperly secured cloud storage.

Source table → cloud.gsuite.audit.drive

 SecOpsGSuite2SVDisabled

An adversary may attempt to disable the second factor authentication in order to weaken an organization’s security controls.

Source table → cloud.gsuite.reports.admin

 SecOpsGSuiteExcessiveOAuthPermissionsRequest

An adversary may steal application access tokens as a means of acquiring credentials to access remote systems and resources.

Source table → cloud.gsuite.reports.token

 SecOpsCDIocIpSuspiciousGSuiteData

This search looks for Collective Defense matches in GSuite data.

Source table → cloud.gsuite.reports

 SecOpsGSuiteUnauthorizedOAuthApp

Detects authentications from OAuth apps outside of your predefined list of approved OAuth applications.

Source table → cloud.gsuite.reports.token

 SecOpsGSuiteGovernmentAttackWarning

A government-backed attacker could try to steal a password or other personal information of one of your users by sending an email containing a harmful attachment, links to malicious software or to fake websites.

Source table → cloud.gsuite.alerts

 SecOpsGSuiteAcessTransparencyEvent

A Google Access Transparency log event has been generated. Google is accessing your data.

Source table → cloud.gsuite.reports.access_transparency

 SecOpsGSuiteDriveSuspiciousSharedFileName

Adversaries may send Spear Phishing emails with a malicious attachment or share malicious files by cloud storage services in an attempt to gain access to victim systems.

Source table → cloud.gsuite.reports.drive

  • No labels