Identifies the occurrence of a security alert from the Google Workspace alerts center. Google Workspace’s security alert center provides an overview of actionable alerts that may be affecting an organization’s domain. An alert is a warning of a potential security issue that Google has detected.
Rule type: query
Risk score: 73
Runs every: 10m
Maximum alerts per execution: 100
- Domain: Cloud
- Data Source: Google Workspace
- Use Case: Log Auditing
- Use Case: Threat Detection
Rule license: Elastic License v2
## Triage and analysis

This is a promotion rule for Google Workspace security events, which are alertable events per the vendor. Consult vendor documentation on interpreting specific events.