
Install the G Suite App and view the Dashboards

Details and overview of Google Apps dashboard.

Install the Sumo Logic App

Now that you have configured Google Apps logs, install the Sumo Logic App for G Suite to take advantage of the preconfigured searches and dashboards to analyze your data. 

Preconfigured searches include:

  • Document Flow Diagram
  • Excessive Login Failures by User
  • Login Challenge for Suspicious Sign-ins
  • Outside of Company Guests
  • Password Changes Count

To install the app:

  1. Select App Catalog, search for and select the app, and click Add to Library. (In the classic UI, click Library, click Apps, select the app, and click Install. If you don't find the app under Apps, it might be a preview app. Try clicking Preview to find the app.)
  2. Click Preview Dashboards if you'd like to see a preview of the dashboards included with the app before installing.
  3. In the Install Application dialog box, select the installation path (the default is the Personal folder in the library), or click New Folder to add a new folder.
  4. Select either of these options for the log data source.
       • Choose Select from Existing Source Categories, and select the source catalog from the Source Category list.
       • Choose Enter a Custom Data Filter and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).
  5. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or in the other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. It's important to note that each Panel slowly fills with data matching the time range query and received since the Panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

To see your data in the Documents Shared Outside of Organization panel of the Google Apps - Drive dashboard, open the panel query.

GApps-Drive.png

Add your domain in the query in the highlighted section shown below. Click Update Dashboard to save the query. Now you can see your data in the Panel.

GAppsAddDomain.png

Dashboards

Google Apps - Overview


Google Activity by Source Location. Uses a geo lookup operation to display Google activity by Source location on a map of the world for the last 24 hours.

Total Login Failures. Displays the total user login failures as a single value chart for the last 24 hours.

ACL Changes. Provides information on changes to the Access Control List in a stacked column chart on a timeline for the last seven days.

Login Failures by User. Shows the login failures by user in a pie chart for the last 24 hours.

Logins from Multiple IPs. Provides details on users logging in from multiple IP addresses in a pie chart for the last three days.

Top 10 Apps by Count. Displays the top 10 apps by count in a pie chart for the last 24 hours.

Google Apps - Admin


Users Created and Deleted. Displays users created and deleted as a table chart including details on the user’s email, admin action, and admin email for the last seven days.

Groups - Users Added or Removed. Provides information on Groups, with users added or removed as a table chart including details on the user email, admin action, group email, and admin email for the last seven days.

App Token Count. Shows details about the App token count as a pie chart for the last seven days.

User Content Transferred. Displays details on user content transferred as a table chart including information on user email, admin action, recipient email, application name, and admin email.

Admin Action Count. Provides information on the count of admin actions in a pie chart for the last seven days.

App Token Actions. Displays details on app token actions in a pie chart for the last seven days.

Admin Action by Admin. Shows actions taken per admin as a pie chart for the last seven days.

User Actions Details. Provides details on user actions in a table chart with information on user email, admin action, group email, recipient email, application name, and admin email.

Google Apps - Drive

Drive Activity by Location. Uses a geo lookup operation to display Google Drive activity by location on a map of the world for the last 24 hours.

Action Count. Displays the action count in a pie chart for the last seven days.

Document Downloads by Title. Provides information on documents downloaded by title in a pie chart for the last seven days.

ACL Changes. Provides information on changes to the Access Control List in a table chart including details on drive action name, doc title, old value, new value, target user, and email for the last seven days.

Documents Shared Outside of Organization. To see your data in this panel, open the panel query and add your domain in the query, as described under Install the Sumo Logic App above. This panel displays details on any documents shared outside the organization, including information on drive action name, doc title, new value, target user, and email for the last seven days.

Google Apps - Login

Login Activity by Location. Uses a geo lookup operation to display login activity by location on a map of the world for the last 24 hours.

Count by Login State. Displays information on the count by login state in a pie chart for the last seven days.

Login Failures by User, IP Address. Shows details on login failures by user and their IP addresses in a pie chart for the last seven days.

Login Failures - Outlier. Uses an outlier operation to provide information on login failures on a timeline for the last 14 days.

Successful Logins. Displays successful login information in a line chart on a timeline for the last seven days.

Login Failures by Type. Provides information on login failures by type in a table chart including details on email and login failure type for the last seven days.

Logins from Multiple IPs. Shows details on logins from multiple IP addresses, including the user’s email and IP address for the last seven days.

Login Activity Over Time. Displays information on login activity over time in a stacked column chart on a timeline for the last seven days.
 

Searches

Document Flow Diagram. Uses the transaction operator to create a Sankey diagram that displays the document flow.

Excessive Login Failures by User. This is a scheduled search that sends you an alert email when more than three login attempts occur on an account, which could be a security risk.

Login Challenge for Suspicious Sign-ins. This search provides results for Google Login Challenges, which will challenge the user to verify their identity. For details, see https://support.google.com/a/answer/6002699?hl=en.

Outside of Company Guests. This search identifies guests who log in and are not from within your company. This search must be edited to include your company’s email domain name.

Password Changes Count. This search identifies password changes made by an admin, which could be useful in case you suspect an admin’s account has been compromised.
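
The logic behind three of the login checks described above (Excessive Login Failures by User, Logins from Multiple IPs, Outside of Company Guests), as an added Python example; it is not the app's own Sumo Logic query. It assumes records shaped like Google Admin SDK Reports API login activities (`actor.email`, `ipAddress`, `events[].name`), treats "login attempts" as `login_failure` events, and runs on constructed sample data; all function names are hypothetical.

```python
from collections import Counter, defaultdict

def ev(email, ip, name):
    """Build one constructed record in the Reports API login-activity shape."""
    return {"actor": {"email": email}, "ipAddress": ip,
            "events": [{"type": "login", "name": name}]}

# Constructed sample data (documentation-range IPs, made-up accounts).
SAMPLE_EVENTS = (
    [ev("alice@example.com", "198.51.100.7", "login_failure")] * 4
    + [ev("bob@example.com", "203.0.113.5", "login_success"),
       ev("bob@example.com", "192.0.2.44", "login_success"),
       ev("bob@example.com", "203.0.113.5", "login_failure"),
       ev("guest@partner.test", "192.0.2.9", "login_success")]
)

def _has(activity, name):
    """True if the activity record contains an event with this name."""
    return any(e["name"] == name for e in activity["events"])

def excessive_login_failures(events, threshold=3):
    """Users with MORE than `threshold` failed logins (page: 'more than three')."""
    failures = Counter(a["actor"]["email"] for a in events
                       if _has(a, "login_failure"))
    return {user: n for user, n in failures.items() if n > threshold}

def logins_from_multiple_ips(events):
    """Users whose successful logins came from more than one source IP."""
    ips = defaultdict(set)
    for a in events:
        if _has(a, "login_success"):
            ips[a["actor"]["email"]].add(a["ipAddress"])
    return {user: sorted(s) for user, s in ips.items() if len(s) > 1}

def outside_company_logins(events, company_domain):
    """Accounts that logged in but are not in the company's email domain.

    The match is on '@' + domain, so 'user@notexample.com' is not mistaken
    for a member of 'example.com'.
    """
    suffix = "@" + company_domain.lower()
    return sorted({a["actor"]["email"] for a in events
                   if _has(a, "login_success")
                   and not a["actor"]["email"].lower().endswith(suffix)})

if __name__ == "__main__":
    print(excessive_login_failures(SAMPLE_EVENTS))
    print(logins_from_multiple_ips(SAMPLE_EVENTS))
    print(outside_company_logins(SAMPLE_EVENTS, "example.com"))
```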