AlienVault® USM Anywhere™

Viewing Your G Suite Events

Role Availability Read-Only Analyst Manager

With a configured AlienApp for G Suite, USM Anywhere collects, enriches, and analyzes log data from your Google G Suite environment, detecting any suspicious activity, such as login failures and brute forceTechnique or attack method, typically used with authentication, involving an exhaustive procedure that tries all possibilities (for example, to find a valid password), one-by-one. authentications. When USM Anywhere detects a threat, it generates an alarm.

After the USM Anywhere Sensor collects the first G Suite log data and USM Anywhere normalizes the raw data, these events start appearing in the Events page. To provide a more focused view of these events, there are G Suite dashboards available under Dashboards in the top navigation menu.

Note: All G Suite environments include access to the Google Drive Activity API, which provides the basic G Suite audit log data. However, only G Suite Enterprise or G Suite Business include access to the Reports API, which provides to the advanced G Suite log data. If you are a G Suite Basic customer, you cannot collect log data for Google Drive.

See their Google Support site for more information about the differences between the G Suite editions.

View one of the G Suite dashboards in USM Anywhere