With a configured AlienApp for G Suite, USM Anywhere collects, enriches, and analyzes log data from your Google G Suite environment, detecting any suspicious activity, such as login failures and brute forceTechnique or attack method, typically used with authentication, involving an exhaustive procedure that tries all possibilities (for example, to find a valid password), one-by-one. authentications. When USM Anywhere detects a threat, it generates an alarm.
After the USM Anywhere Sensor collects the first G Suite log data and USM Anywhere normalizes the raw data, these events start appearing in the Events page. To provide a more focused view of these events, there are G Suite dashboards available under Dashboards in the top navigation menu.
Note: All G Suite environments include access to the Google Drive Activity API, which provides the basic G Suite audit log data. However, only G Suite Enterprise or G Suite Business include access to the Reports API, which provides to the advanced G Suite log data. If you are a G Suite Basic customer, you cannot collect log data for Google Drive.
See their Google Support site for more information about the differences between the G Suite editions.
Within your G Suite environment, audit logs track all login attempts for the domain. USM Anywhere delivers deep visibility into these activities by tracking and analyzing all login events, as well as application authorizations and environmental changes. It provides a pre-built dashboard that helps you to quickly detect threats, such as brute force login attempts and compromised accounts.
Open this dashboard to view a summary of the events originating from the G Suite Login audit logs. Click items displayed in the data elements to drill down to the list of events:
- Login Attempts
- Failed Login By User
- Login Failed Reasons
- Top Category
- Failed Login By Address
- Login By Country
- Recently Authorized Applications
- Top Actions
- Login Activity (per hour)
Within your G Suite environment, the Drive audit log tracks all of the user activity for the domain, such as view, create, preview, update, delete, download, or share Google Drive content. This includes the content that your users create in Google Docs, Sheets, Slides, and other G Suite applications, as well as content that your users upload, such as PDF and MS Word files. USM Anywhere delivers deep visibility into these activities by monitoring and analyzing these actions so that you can identify anomalous or suspicious activities on your critical files and detect if your users are communicating or sharing files with known malicious hosts.
Open this dashboard to view a summary of the events originating from the G Suite Drive audit logs. Click items displayed in the data elements to drill down to the list of events:
- Top Events
- Resource Type
- Top Category
- User Activity
- Top File Names