IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Forwarded Google Workspace Security Alert
editForwarded Google Workspace Security Alert
editIdentifies the occurrence of a security alert from the Google Workspace alerts center. Google Workspace’s security alert center provides an overview of actionable alerts that may be affecting an organization’s domain. An alert is a warning of a potential security issue that Google has detected.
Rule type: query
Rule indices:
- filebeat-*
- logs-google_workspace*
Severity: high
Risk score: 73
Runs every: 10m
Searches indices from: now-130m (Date Math format, see also Additional look-back time
)
Maximum alerts per execution: 100
References:
Tags:
- Elastic
- Cloud
- Google Workspace
- Log Auditing
- Threat Detection
Version: 1
Rule authors:
- Elastic
Rule license: Elastic License v2
Investigation guide
edit## Triage and analysis This is a promotion rule for Google Workspace security events, which are alertable events per the vendor. Consult vendor documentation on interpreting specific events.
Rule query
editevent.dataset: google_workspace.alert