cloud.gsuite
- Juan Tomás Alonso Nieto (Deactivated)
Introduction
The tags beginning with cloud.gsuite identify events generated by Google Workspace (formerly Google G Suite).
Valid tags and data tables
The full tag must have four levels. The first two are fixed as cloud.gsuite and represent technology and brand. The third level corresponds to the service while the fourth identifies the type of events sent.
Technology | Brand | Service | Type |
|---|---|---|---|
cloud | gsuite | alerts |
|
reports |
| ||
audit |
|
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
|---|---|
cloud.gsuite.alerts.generic | cloud.gsuite.alerts |
cloud.gsuite.alerts.activity_rule | cloud.gsuite.alerts.activity_rule |
cloud.gsuite.alerts.appmaker_default_cloud_sql_setup | cloud.gsuite.alerts.appmaker_default_cloud_sql_setup |
cloud.gsuite.alerts.customer_takeout_initiated | cloud.gsuite.alerts.customer_takeout_initiated |
cloud.gsuite.alerts.data_loss_prevention | cloud.gsuite.alerts.data_loss_prevention |
cloud.gsuite.alerts.device_compromised | cloud.gsuite.alerts.device_compromised |
cloud.gsuite.alerts.google_operations | cloud.gsuite.alerts.google_operations |
cloud.gsuite.alerts.government_attack_warning | cloud.gsuite.alerts.government_attack_warning |
cloud.gsuite.alerts.leaked_password | cloud.gsuite.alerts.leaked_password |
cloud.gsuite.alerts.malware_reclassification | cloud.gsuite.alerts.malware_reclassification |
cloud.gsuite.alerts.misconfigured_whitelist | cloud.gsuite.alerts.misconfigured_whitelist |
cloud.gsuite.alerts.phising_reclassification | cloud.gsuite.alerts.phising_reclassification |
cloud.gsuite.alerts.suspicious_message_reported | cloud.gsuite.alerts.suspicious_message_reported |
cloud.gsuite.alerts.suspicious_login | cloud.gsuite.alerts.suspicious_login |
cloud.gsuite.alerts.suspicious_login_less_secure_app | cloud.gsuite.alerts.suspicious_login_less_secure_app |
cloud.gsuite.alerts.suspicious_programmatic_login | cloud.gsuite.alerts.suspicious_programmatic_login |
cloud.gsuite.alerts.suspended_spam_through_relay | cloud.gsuite.alerts.suspended_spam_through_relay |
cloud.gsuite.alerts.suspended_suspicious_activity | cloud.gsuite.alerts.suspended_suspicious_activity |
cloud.gsuite.alerts.suspicious_activity | cloud.gsuite.alerts.suspicious_activity |
cloud.gsuite.alerts.super_admin_password_reset | cloud.gsuite.alerts.super_admin_password_reset |
cloud.gsuite.alerts.user_reported_phising | cloud.gsuite.alerts.user_reported_phising |
cloud.gsuite.alerts.user_reported_spam_spike | cloud.gsuite.alerts.user_reported_spam_spike |
cloud.gsuite.alerts.user_suspended | cloud.gsuite.alerts.user_suspended |
cloud.gsuite.alerts.user_suspended.user_suspended_spam | cloud.gsuite.alerts.user_suspended.user_suspended_spam |
cloud.gsuite.reports.generic | cloud.gsuite.reports |
cloud.gsuite.reports.access_transparency | cloud.gsuite.reports.access_transparency |
cloud.gsuite.reports.admin | cloud.gsuite.reports.admin |
cloud.gsuite.reports.calendar | cloud.gsuite.reports.calendar |
cloud.gsuite.reports.chat | cloud.gsuite.reports.chat |
cloud.gsuite.reports.data_studio | cloud.gsuite.reports.data_studio |
cloud.gsuite.reports.drive | cloud.gsuite.reports.drive |
cloud.gsuite.reports.gcp | cloud.gsuite.reports.gcp |
cloud.gsuite.reports.groups | cloud.gsuite.reports.groups |
cloud.gsuite.reports.gplus | cloud.gsuite.reports.gplus |
cloud.gsuite.reports.jamboard | cloud.gsuite.reports.jamboard |
cloud.gsuite.reports.login | cloud.gsuite.reports.login |
cloud.gsuite.reports.meet | cloud.gsuite.reports.meet |
cloud.gsuite.reports.mobile | cloud.gsuite.reports.mobile |
cloud.gsuite.reports.rules | cloud.gsuite.reports.rules |
cloud.gsuite.reports.saml | cloud.gsuite.reports.saml |
cloud.gsuite.reports.token | cloud.gsuite.reports.token |
cloud.gsuite.reports.user_accounts | cloud.gsuite.reports.user_accounts |
cloud.gsuite.audit.drive | cloud.gsuite.audit.drive |
Table structure
This is the set displayed by these tables.