Overview
Google Workspace (formerly known as Google Apps and later G Suite) is a collection of cloud computing, productivity, and collaboration tools, software, and products developed and marketed by Google. It consists of Gmail, Contacts, Calendar, Meet and Chat for communication. Devo provides a list of out-of-the-box detections that enable our customers to protect themselves from common attacks on these environments.
Government Attack Warning
A government-backed attacker could try to steal a password or other personal information of one of your users by sending an email containing a harmful attachment, links to malicious software, or links to fake websites.
Source table → cloud.gsuite.alerts
Drive Open To Public
An attacker may access data objects from improperly secured cloud storage.
Source table → cloud.gsuite.audit.drive
Access Transparency Event
A Google Access Transparency log event has been generated. Google is accessing your data.
Source table → cloud.gsuite.reports.access_transparency
2SV Disabled
An adversary may attempt to disable second-factor authentication in order to weaken an organization’s security controls.
Source table → cloud.gsuite.reports.admin
Login Account Warning
An attacker could steal the credentials of one of your users.
Source table → cloud.gsuite.reports.login
Mobile Suspicious Activity
An attacker could steal the credentials or the mobile device of one of your users.
Source table → cloud.gsuite.reports.mobile
Excessive OAuth Permissions Request
An adversary may steal application access tokens as a means of acquiring credentials to access remote systems and resources.
Source table → cloud.gsuite.reports.token
Unauthorized OAuth App
Detects authentications from OAuth apps outside of your predefined list of approved OAuth applications.
Source table → cloud.gsuite.reports.token