Google Workspace

Google Workspace (formerly known as Google Apps and later G Suite) is a collection of cloud computing, productivity, and collaboration tools, software, and products developed and marketed by Google. It consists of Gmail, Contacts, Calendar, Meet and Chat for communication. Devo provides a list of out-of-the-box detections that enable our customers to protect themselves against popular attacks against these environments.

Adversaries may exfiltrate data to a cloud storage service rather than over their primary command and control channel.

Source table → cloud.gsuite.reports.drive

An attacker could steal the credentials of one of your users.

Source table → cloud.gsuite.reports.login

An attacker could steal the credentials or the mobile device of one of your users.

Source table → cloud.gsuite.reports.mobile

An attacker may access data objects from improperly secured cloud storage.

Source table → cloud.gsuite.audit.drive

An adversary may attempt to disable the second factor authentication in order to weaken an organization’s security controls.

Source table → cloud.gsuite.reports.admin