GWorkspace_ReportsAPI_admin_CL



Attribute Value
Custom Log V1 Yes 🔶 — uses type-suffixed column names
Ingestion API Supported ✓ Yes

Schema (26 columns)

Source: KQL validation test schema

Column Name Type
actor_callerType_s string
actor_email_s string
actor_key_s string
actor_profileId_s string
APPLICATION_EDITION_s string
APPLICATION_NAME_s string
etag_s string
event_name_s string
event_type_s string
EventProduct string
events_s string
EventVendor string
id_applicationName_s string
id_customerId_s string
id_time_t datetime
id_uniqueQualifier_s string
IPAddress string
kind_s string
NEW_VALUE_s string
OLD_VALUE_s string
ORG_UNIT_NAME_s string
PRODUCT_NAME_s string
ROLE_NAME_s string
SETTING_NAME_s string
TimeGenerated datetime
USER_EMAIL_s string

Solutions (1)

This table is used by the following solutions:

Connectors (1)

This table is ingested by the following connectors:

Connector Selection Criteria
[DEPRECATED] Google Workspace (G Suite)

Content Items Using This Table (25)

Analytic Rules (10)

In solution GoogleWorkspaceReports:

Analytic Rule Selection Criteria
GWorkspace - API Access Granted
GWorkspace - Admin permissions granted
GWorkspace - Alert events
GWorkspace - An Outbound Relay has been added to a G Suite Domain
GWorkspace - Multiple user agents for single source
GWorkspace - Possible brute force attack
GWorkspace - Possible maldoc file name in Google drive
GWorkspace - Two-step authentification disabled for a user
GWorkspace - Unexpected OS update
GWorkspace - User access has been changed

Hunting Queries (14)

In solution GoogleWorkspaceReports:

Hunting Query Selection Criteria
GWorkspace - Document Copied from Share Drive to Private Drive
GWorkspace - Document shared externally
GWorkspace - Document shared publicy in web
GWorkspace - Document shared publicy with link
GWorkspace - License Revoke and Assignment to User
GWorkspace - Multi IP addresses by user
GWorkspace - Possible SCAM/SPAM or Phishing via Calendar
GWorkspace - Rare document types by users
GWorkspace - Shared private document
GWorkspace - Suspended users
GWorkspace - Uncommon user agent strings
GWorkspace - Unknown login type
GWorkspace - User reported calendar invite as spam
GWorkspace - Users with several devices

Workbooks (1)

In solution GoogleWorkspaceReports:

Workbook Selection Criteria
GoogleWorkspace

Parsers Using This Table (1)

Other Parsers (1)

Parser Solution Selection Criteria
GWorkspaceActivityReports GoogleWorkspaceReports
