Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This hunting query searches for document copy activity from shared drive to a private drive, potential sign of data exfiltration. https://www.mitiga.io/blog/mitiga-security-advisory-lack-of-forensic-visibility-with-the-basic-license-in-google-drive
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GoogleWorkspaceReports |
| ID | 69e8a40f-6508-4f43-8eef-2f78ad6174df |
| Severity | Medium |
| Tactics | Exfiltration, Impact |
| Techniques | T1537, T1565 |
| Required Connectors | GoogleWorkspaceReportsAPI |
| Source | View on GitHub |
⚠️ Not listed in Solution JSON: This content item was discovered by scanning the solution folder but is not included in the official Solution JSON file. It may be a legacy item, under development, or excluded from the official solution package.
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
GWorkspace_ReportsAPI_access_transparency_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_admin_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_calendar_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_chat_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_chrome_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_context_aware_access_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_data_studio_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_drive_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_gcp_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_gplus_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_groups_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_groups_enterprise_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_jamboard_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_keep_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_login_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_meet_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_mobile_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_rules_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_saml_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_token_CL 🔶 |
? | ✓ | ? |
GWorkspace_ReportsAPI_user_accounts_CL 🔶 |
? | ✓ | ? |
GoogleWorkspaceReports_CL 🔶 |
? | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊