Difference between revisions of "Datadog SIEM Content Packs for Google Workspace"
Jump to navigation
Jump to search
(→Low) |
|||
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | + | === High === | |
* <code>Google Workspace Alert Center</code> | * <code>Google Workspace Alert Center</code> | ||
| − | |||
* <code>Google Workspace [[Tor]] client detected</code> | * <code>Google Workspace [[Tor]] client detected</code> | ||
| + | * <code>Google Workspace user assigned supe [[administrative role]]</code> | ||
| + | * <code>Google Workspace user edited [[account recovery]] information</code> | ||
| − | + | === Medium === | |
| − | |||
| − | |||
| − | |||
* <code>Domain added to Google Workspace allowlisted domains</code> | * <code>Domain added to Google Workspace allowlisted domains</code> | ||
| − | |||
* <code>Google Workspace accessed by Google</code> | * <code>Google Workspace accessed by Google</code> | ||
| − | |||
* <code>Google Workspace administrator has disabled 2-step verification for organizational unit</code> | * <code>Google Workspace administrator has disabled 2-step verification for organizational unit</code> | ||
=== Low === | === Low === | ||
| − | Google Workspace admin role created | + | * <code>Google Workspace admin role created</code> |
| − | + | * <code>Google Workspace administrator initiated a data transfer request</code> | |
| − | Google Workspace administrator initiated a data transfer request | + | * <code>Google Workspace user assigned administrative role</code> |
| − | + | * <code>Google Workspace user disabled 2-step verification</code> | |
| − | Google Workspace user assigned administrative role | + | * <code>Google Workspace user forwarding email out of non Google Workspace domain</code> |
| − | + | * <code>Google Workspace user has unenrolled from Advanced Protection</code> | |
| − | Google Workspace user disabled 2-step verification | + | * <code>Large amount of downloads on [[Google Drive]]</code> |
| − | + | * <code>User attempted login with [[leaked]] password</code> | |
| − | Google Workspace user forwarding email out of non Google Workspace domain | ||
| − | |||
| − | Google Workspace user has unenrolled from Advanced Protection | ||
| − | |||
| − | Large amount of downloads on Google Drive | ||
| − | |||
| − | User attempted login with leaked password | ||
== See also == | == See also == | ||
| + | * {{Content Packs}} | ||
* {{DD SIEM}} | * {{DD SIEM}} | ||
* {{Google Workspace}} | * {{Google Workspace}} | ||
[[Category:Google]] | [[Category:Google]] | ||
Latest revision as of 12:18, 9 October 2024
Contents
High[edit]
Google Workspace Alert CenterGoogle Workspace Tor client detectedGoogle Workspace user assigned supe administrative roleGoogle Workspace user edited account recovery information
Medium[edit]
Domain added to Google Workspace allowlisted domainsGoogle Workspace accessed by GoogleGoogle Workspace administrator has disabled 2-step verification for organizational unit
Low[edit]
Google Workspace admin role createdGoogle Workspace administrator initiated a data transfer requestGoogle Workspace user assigned administrative roleGoogle Workspace user disabled 2-step verificationGoogle Workspace user forwarding email out of non Google Workspace domainGoogle Workspace user has unenrolled from Advanced ProtectionLarge amount of downloads on Google DriveUser attempted login with leaked password
See also[edit]
- Datadog SIEM Content Packs: Cloudtrail, Google Workspace
- Datadog security: Datadog Cloud SIEM, Content Packs, Datadog Cloud SIEM signals
- Google Workspace, Google Workspace API, Admin SDK API, Super admin, Directory API,
users.list,users.insert, Admin console:admin.google.com, Terraform provider: googleworkspace, Google Workspace: administrator roles, Google Drive, Google Vault, Spaces, Jamboard, Datadog SIEM
Advertising:
