Forwarded Google Workspace Security Alert

Last updated 5 days ago on 2024-09-23

Created 2 years ago on 2023-01-15

About

Identifies the occurrence of a security alert from the Google Workspace alerts center. Google Workspace's security alert center provides an overview of actionable alerts that may be affecting an organization's domain. An alert is a warning of a potential security issue that Google has detected.

Tags: Domain: CloudData Source: Google WorkspaceUse Case: Log AuditingUse Case: Threat Detection
Severity: high
Risk Score: 73
False Positive Examples: To tune this rule, add exceptions to exclude any google_workspace.alert.type which should not trigger this rule. For additional tuning, severity exceptions for google_workspace.alert.metadata.severity can be added.
License: Elastic License v2(opens in a new tab or window)

Definition

Rule Type: Query (Kibana Query Language)
Integration Pack: Prebuilt Security Detection Rules
Index Patterns: filebeat-*logs-google_workspace*
Related Integrations: google_workspace(opens in a new tab or window)
Query

event.dataset: google_workspace.alert

Install detection rules in Elastic Security

Detect Forwarded Google Workspace Security Alert in the Elastic Security detection engine by installing this rule into your Elastic Stack.

To setup this rule, check out the installation guide for Prebuilt Security Detection Rules(opens in a new tab or window).