
Install the G Suite App and view the Dashboards

Instructions for installing the G Suite app and information about each of the dashboards.

To install the app

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app.

  2. To install the app, click Add to Library and complete the following fields.

    1. App Name. You can retain the existing name, or enter a name of your choice for the app.


    2. Data Source. Select either of these options for the data source.


      • Choose Source Category, and select a source category from the list.


      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).


    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.

    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps.

Enable the Documents Shared Outside of Organization panel

To see your data in the Documents Shared Outside of Organization panel of the Google Apps - Drive dashboard, open the panel query.

Add your domain to the query in the highlighted section (screenshot: GAppsAddDomain.png). Click Update Dashboard to save the query. You can now see your data in the panel.

Dashboards

Google Apps - Overview

See an overview of activities in G Suite, including information on login failures, logins from multiple IPs, changes in ACL, login failures by user, top apps, and top events by event type.

Google Activity by Source Location. Uses a geo lookup operation to display Google activity by Source location on a map of the world for the last 24 hours.

Total Login Failures. Shows the total user login failures as a single value chart for the last 24 hours.

Top Login Failure Reasons. Shows a table with the top reasons for login failure based on a count of events in the last seven days.  

Logins from Multiple IPs. Shows logins from multiple IP addresses by user on a pie chart for the last 24 hours.

ACL Changes. Provides information on changes to the Access Control List in a stacked column chart on a timeline for the last seven days.

Login Failures by User. Shows the login failures by user on a pie chart for the last 24 hours.

Logins from Multiple IPs. Shows a table that provides details on users logging in from multiple IP addresses for the last 24 hours.

Top Event Name by Event Type. Shows a table with top events based on the type of event and event count in the last 24 hours.

Top 10 Apps by Count. Shows the top ten apps by count on a bar graph for the last 24 hours.

Google Apps - Admin

See an overview of administrative activities in G Suite, including information on users and groups that have been created or deleted, app token actions, admin action count, and actions by admins and users.


Users Created and Deleted. Displays users created and deleted as a table chart including details on the user’s email, admin action, and admin email for the last seven days.

Groups - Users Added or Removed. Displays information on Groups, with users added or removed as a table chart including details on the user email, admin action, group email, and admin email for the last seven days.

App Token Count. Shows details about the App token count as a pie chart for the last seven days.

User Content Transferred. Displays details on user content transferred as a table chart including information on user email, admin action, recipient email, application name, and admin email for the last seven days.

Admin Action Count. Provides information on the count of admin actions in a pie chart for the last seven days.

App Token Actions. Displays details on app token actions in a pie chart for the last seven days.

Action by Admin. Shows actions taken per admin as a pie chart for the last seven days.

User Actions Details. Displays details on user actions in a table chart with information on user email, admin action, group email, recipient email, application name, and admin email for the last seven days.

Google Apps - Drive

See information about Google Drive activity, including drive activity by location, drive activity by country over time, ACL changes, counts of primary actions, recent uploads, and documents viewed.


Drive Activity by Location. Uses a geo lookup operation to display Google Drive activity by location on a map of the world for the last 24 hours.

Drive Activity by Country Over Time. Displays information on Drive activity by country for the last 24 hours on a column chart.

ACL Changes. Provides information on changes to the Access Control List in a table chart including details on drive action name, doc title, old value, new value, target user, and email for the last seven days.

Primary Action Count. Shows a count of primary actions for the last 24 days on a bar chart.

Document Downloads by Title. Shows the count of document downloads for the last 24 hours on a pie chart.

Recent Uploads by Title. Shows a count of recent uploads and their title for the last 60 minutes on a table chart.

Document Types. Shows a count of document types and each type's percentage overall for the last 24 hours on a pie chart.

Documents Viewed - Top 10. Shows the top ten documents viewed, and the count of each document for the last 24 hours on a pie chart.

Documents Being Shared. Shows a table with a list of documents that were shared in the last 24 hours.

Documents Shared Outside of Organization. To see your data in this panel, open the panel query and add your domain in the query as mentioned here. This panel displays details on any documents shared outside the organization including information on drive action name, doc title, new value, target user, and email for the last seven days.

Google Apps - User Activity

See information about Google Drive activity by users, including the most active users and IP addresses; and top users for downloading, uploading, creating, and sharing content.


Most Active Users. Shows a table with the most active users based on the number of events performed by that user.

Most Active IPs. Shows a table with the most active IP addresses based on the number of events performed by that IP address.

Top Users Downloading Contents. Shows a table with the top users downloading content from the drive based on the number of downloads by users.

Top Users Downloading Contents. Shows a table with the top users uploading content from the drive based on the number of uploads by users.

Top Users Downloading Contents. Shows a table with the top users creating content on the drive based on the number of creations by users.

Top Users Sharing Contents Outside of Organization. Shows a table with the top users sharing content from the drive to individuals outside of their organization based on the number of shares by users.

Google Apps - Login

See information about logins to G Suite apps, including a geolocation map of login locations, logins by state, login activity over time, and successful and failed logins.

Login Activity by Location. Uses a geo lookup operation to display login activity by location on a map of the world for the last 24 hours.

Count by Login State. Displays information on the count by login state in a pie chart for the last seven days.

Login Failures by User, IP Address. Shows details on login failures by user and their IP addresses in a pie chart for the last seven days.

Login Failures - Outlier. Uses an outlier operation to provide information on login failures on a timeline for the last 14 days.

Successful Logins. Displays successful login information in a line chart on a timeline for the last seven days.

Login Failures by User, IP Address. Shows the percentage of login failures per user, along with their IP address, for the last 24 hours on a pie chart.

Successful Logins. Shows trends in successful logins for the last 24 hours on a line chart.

Login Failures - Outlier. Shows details on logins from multiple IP addresses, including the user’s email and IP address for the last seven days.

Logins from Multiple IPs. Shows a table with logins from multiple IP addresses, along with the email, IP address, and count of logins, for the last 24 hours.

Login Activity Over Time. Displays information on login activity over time in a stacked column chart on a timeline for the last seven days.

Login Failures by Type. Shows a table with login failures, with the email used, and the type of login failure, for the last seven days.

Searches

Document Flow Diagram. Uses the transaction operator to create a Sankey diagram that displays the document flow.

Excessive Login Failures by User. This is a scheduled search that sends you an alert email when more than three login attempts occur on an account, which could be a security risk.

Login Challenge for Suspicious Sign-ins. This search provides results for Google Login Challenges, which will challenge the user to verify their identity. For details, see https://support.google.com/a/answer/6002699?hl=en.

Outside of Company Guests. This search identifies guests who log in and are not from within your company. This search must be edited to include your company’s email domain name.

Password Changes Count. This search identifies password changes made by an admin, which could be useful in case you suspect an admin’s account has been compromised.