Skip to main content
Sumo Logic

Google Apps Dashboards

Google Apps - Overview

google_apps_overview.png

Google Activity by Source Location. Uses a geo lookup operation to display Google activity by Source location on a map of the world for the last 24 hours.

Total Login Failures. Displays the total user login failures as a single value chart for the last 24 hours.

ACL Changes. Provides information on changes to the Access Control List in a stacked column chart on a timeline for the last seven days.

Login Failures by User. Shows the login failures by user in a pie chart for the last 24 hours.

Logins from Multiple IPs. Provides details on users logging in from multiple IP addresses in a pie chart for the last three days.

Top 10 Apps by Count. Displays the top 10 apps by count in a pie chart for the last 24 hours.
 

Google Apps - Admin

google_apps_admin.png

Users Created and Deleted. Displays users created and deleted as a table chart including details on the user’s email, admin action, and admin email for the last seven days.

Groups - Users Added or Removed. Provides information on Groups, with users added or removed as a table chart including details on the user email, admin action, group email, and admin email for the last seven days.

App Token Count. Shows details about the App token count as a pie chart for the last seven days.

User Content Transferred. Displays details on user content transferred as a table chart including information on user email, admin action, recipient email, application name, and admin email.

Admin Action Count. Provides information on the count of admin actions in a pie chart for the last seven days.

App Token Actions. Displays details on app token actions in a pie chart for the last seven days.

Admin Action by Admin. Shows actions taken per admin as a pie chart for the last seven days.

User Actions Details. Provides details on user actions in a table chart with information on user email, admin action, group email, recipient email, application name, and admin email.

Google Apps - Drive

Drive Activity by Location. Uses a geo lookup operation to display Google Drive activity by location on a map of the world for the last 24 hours.

Action Count. Displays the action count in a pie chart for the last seven days.

Document Downloads by Title. Provides information on documents downloaded by title in a pie chart for the last seven days.

ACL Changes. Provides information on changes to the Access Control List in a table chart including details on drive action name, doc title, old value, new value, target user, and email for the last seven days.

Documents Shared Outside of Organization. Displays details on any documents shared outside the organization including information on drive action name, doc title, new value, target user, and email for the last seven days.

Google Apps - Login

Login Activity by Location. Uses a geo lookup operation to display login activity by location on a map of the world for the last 24 hours.

Count by Login State. Displays information on the count by login state in a pie chart for the last seven days.

Login Failures by User, IP Address. Shows details on login failures by user and their IP addresses in a pie chart for the last seven days.

Login Failures - Outlier. Uses an outlier operation to provide information on login failures on a timeline for the last 14 days.

Successful Logins. Displays successful login information in a line chart on a timeline for the last seven days.

Login Failures by Type. Provides information on login failures by type in a table chart including details on email and login failure type for the last seven days.

Logins from Multiple IPs. Shows details on logins from multiple IP address, including the user’s email and IP address for the last seven days.

Login Activity Over Time. Displays information on login activity over time in a stacked column chart on a timeline for the last seven days.
 

Searches

Document Flow Diagram. Uses the transaction operator to create a Sankey diagram that displays the document flow.

Excessive Login Failures by User. This is a scheduled search that sends you an alert email when more than three login attempts occur on an account, which could be a security risk.

Login Challenge for Suspicious Sign-ins. This search provides results for Google Login Challenges, which will challenge the user to verify their identity. For details, see https://support.google.com/a/answer/6002699?hl=en.

Outside of Company Guests. This search identifies guests who login that are not from within your company. This search must be edited to include your company’s email domain name.

Password Changes Count. This search identifies password changes made by an admin, which could be useful in case you suspect an admin’s account has been compromised.