
cloud.gsuite

Introduction

The tags beginning with cloud.gsuite identify events generated by Google Workspace (formerly Google G Suite).

Valid tags and data tables

The full tag must have four levels. The first two are fixed as cloud.gsuite and represent technology and brand. The third level corresponds to the service while the fourth identifies the type of events sent.

Technology: cloud

Brand: gsuite

Service and Type (each service name below is followed by the list of its valid types):

alerts

  • activity_rule

  • appmaker_default_cloud_sql_setup

  • customer_takeout_initiated

  • data_loss_prevention

  • device_compromised

  • google_operations

  • government_attack_warning

  • leaked_password

  • malware_reclassification

  • misconfigured_whitelist

  • phising_reclassification

  • suspicious_message_reported

  • suspicious_login

  • suspicious_login_less_secure_app

  • suspicious_programmatic_login

  • suspended_spam_through_relay

  • suspended_suspicious_activity

  • suspicious_activity

  • super_admin_password_reset

  • user_reported_phising

  • user_reported_spam_spike

  • user_suspended

  • user_suspended_spam

reports

  • access_transparency

  • admin

  • calendar

  • chat

  • data_studio

  • drive

  • gcp

  • gplus

  • groups

  • groups_entreprise

  • jamboard

  • login

  • meet

  • mobile

  • rules

  • saml

  • token

  • user_accounts

audit

  • drive

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Tag | Data table |
|---|---|
| cloud.gsuite.alerts.generic | cloud.gsuite.alerts |
| cloud.gsuite.alerts.activity_rule | cloud.gsuite.alerts.activity_rule |
| cloud.gsuite.alerts.appmaker_default_cloud_sql_setup | cloud.gsuite.alerts.appmaker_default_cloud_sql_setup |
| cloud.gsuite.alerts.customer_takeout_initiated | cloud.gsuite.alerts.customer_takeout_initiated |
| cloud.gsuite.alerts.data_loss_prevention | cloud.gsuite.alerts.data_loss_prevention |
| cloud.gsuite.alerts.device_compromised | cloud.gsuite.alerts.device_compromised |
| cloud.gsuite.alerts.google_operations | cloud.gsuite.alerts.google_operations |
| cloud.gsuite.alerts.government_attack_warning | cloud.gsuite.alerts.government_attack_warning |
| cloud.gsuite.alerts.leaked_password | cloud.gsuite.alerts.leaked_password |
| cloud.gsuite.alerts.malware_reclassification | cloud.gsuite.alerts.malware_reclassification |
| cloud.gsuite.alerts.misconfigured_whitelist | cloud.gsuite.alerts.misconfigured_whitelist |
| cloud.gsuite.alerts.phising_reclassification | cloud.gsuite.alerts.phising_reclassification |
| cloud.gsuite.alerts.suspicious_message_reported | cloud.gsuite.alerts.suspicious_message_reported |
| cloud.gsuite.alerts.suspicious_login | cloud.gsuite.alerts.suspicious_login |
| cloud.gsuite.alerts.suspicious_login_less_secure_app | cloud.gsuite.alerts.suspicious_login_less_secure_app |
| cloud.gsuite.alerts.suspicious_programmatic_login | cloud.gsuite.alerts.suspicious_programmatic_login |
| cloud.gsuite.alerts.suspended_spam_through_relay | cloud.gsuite.alerts.suspended_spam_through_relay |
| cloud.gsuite.alerts.suspended_suspicious_activity | cloud.gsuite.alerts.suspended_suspicious_activity |
| cloud.gsuite.alerts.suspicious_activity | cloud.gsuite.alerts.suspicious_activity |
| cloud.gsuite.alerts.super_admin_password_reset | cloud.gsuite.alerts.super_admin_password_reset |
| cloud.gsuite.alerts.user_reported_phising | cloud.gsuite.alerts.user_reported_phising |
| cloud.gsuite.alerts.user_reported_spam_spike | cloud.gsuite.alerts.user_reported_spam_spike |
| cloud.gsuite.alerts.user_suspended | cloud.gsuite.alerts.user_suspended |
| cloud.gsuite.alerts.user_suspended.user_suspended_spam | cloud.gsuite.alerts.user_suspended.user_suspended_spam |
| cloud.gsuite.reports.generic | cloud.gsuite.reports |
| cloud.gsuite.reports.access_transparency | cloud.gsuite.reports.access_transparency |
| cloud.gsuite.reports.admin | cloud.gsuite.reports.admin |
| cloud.gsuite.reports.calendar | cloud.gsuite.reports.calendar |
| cloud.gsuite.reports.chat | cloud.gsuite.reports.chat |
| cloud.gsuite.reports.data_studio | cloud.gsuite.reports.data_studio |
| cloud.gsuite.reports.drive | cloud.gsuite.reports.drive |
| cloud.gsuite.reports.gcp | cloud.gsuite.reports.gcp |
| cloud.gsuite.reports.groups | cloud.gsuite.reports.groups |
| cloud.gsuite.reports.gplus | cloud.gsuite.reports.gplus |
| cloud.gsuite.reports.jamboard | cloud.gsuite.reports.jamboard |
| cloud.gsuite.reports.login | cloud.gsuite.reports.login |
| cloud.gsuite.reports.meet | cloud.gsuite.reports.meet |
| cloud.gsuite.reports.mobile | cloud.gsuite.reports.mobile |
| cloud.gsuite.reports.rules | cloud.gsuite.reports.rules |
| cloud.gsuite.reports.saml | cloud.gsuite.reports.saml |
| cloud.gsuite.reports.token | cloud.gsuite.reports.token |
| cloud.gsuite.reports.user_accounts | cloud.gsuite.reports.user_accounts |
| cloud.gsuite.audit.drive | cloud.gsuite.audit.drive |

Table structure

This is the set displayed by these tables.