Difference between revisions of "Datadog SIEM Content Packs for Google Workspace"

High

• Google Workspace Alert Center
• Google Workspace Tor client detected
• Google Workspace user assigned supe administrative role
• Google Workspace user edited account recovery information

Medium

• Domain added to Google Workspace allowlisted domains
• Google Workspace accessed by Google
• Google Workspace administrator has disabled 2-step verification for organizational unit

Low

• Google Workspace admin role created
• Google Workspace administrator initiated a data transfer request
• Google Workspace user assigned administrative role
• Google Workspace user disabled 2-step verification
• Google Workspace user forwarding email out of non Google Workspace domain
• Google Workspace user has unenrolled from Advanced Protection
• Large amount of downloads on Google Drive
• User attempted login with leaked password

See also

• Datadog SIEM Content Packs: Cloudtrail, Google Workspace
• Datadog security: Datadog Cloud SIEM, Content Packs, Datadog Cloud SIEM signals
• Google Workspace, Google Workspace API, Admin SDK API, Super admin, Directory API, users.list, users.insert, Admin console (https://admin.google.com), Terraform provider: googleworkspace, Google Workspace: administrator roles, Google Drive, Google Vault, Spaces, Jamboard, Datadog SIEM, Google Endpoint Management, About SSO