Workspace audit logs: New functionality and expanded event fields
We’re releasing a number of enhancements to Workspace audit logs, including:
- Log filtering enhancements for Resource fields in the security investigation tool for Gmail and Google Drive
- Updated Application and Network fields available in the Workspace audit log integration with Google Security Operations (SecOps)
- Expanded filtering in the AdminSDK Activities.List method
- New OwnerDetails field in the events published to the AdminSDK and BigQuery
Log filtering enhancements for Resource fields in the security investigation tool for Gmail and Google Drive
The security investigation tool now features improved filtering for the Resources attribute for Gmail and Google Drive log events. These updates enable administrators to execute more granular searches, particularly by utilizing classification labels. Because classification labels offer essential metadata for identifying sensitive content and enforcing security policies, the capability to filter audit logs through these labels is vital for analyzing data patterns and investigating security incidents.
We have also added filtering support for the Actor application info attribute for Gmail log events.
Updated Application and Network fields available in the Workspace audit log integration with Google Security Operations (SecOps)
Expanded filtering in the AdminSDK Activities.List method
We’re adding filtering for the following fields in the Activities.List method of the AdminSDK:
- RegionCode: Filter audit logs belonging to a specified region using the networkInfoFilter field in the API request
- OAuthClientId: Filter audit logs where actions are performed by a specified app using the applicationInfoFilter field in the API request
New OwnerDetails field in the events published to the AdminSDK and BigQuery
A new OwnerDetails field in Resource Details identifies who owns a resource using two primary fields:
- Owner Type: This specifies the category of the owner. The owner of the resource can be an individual person (USER), an entire organization (CUSTOMER), a GROUP, or a SHARED_DRIVE
- Owner Identity: This contains specific details (like IDs or email addresses) of that owner
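An added example, not from the announcement or from Google's documentation: it builds an Activities.List request URL with the networkInfoFilter and applicationInfoFilter fields described above, then groups the resources in a response by OwnerDetails owner type. The filter value syntax (`regionCode="..."`, `oAuthClientId="..."`), the JSON key names (`resourceDetails`, `ownerDetails`, `ownerType`, `ownerIdentity`) and the sample items are assumptions to be checked against the Reports API reference.

```python
from urllib.parse import urlencode

BASE = "https://admin.googleapis.com/admin/reports/v1/activity"

def quoted_filter(field, value):
    # Refuse values that could break out of the quoted filter expression.
    if not value or any(c in value for c in '"\\ \t\r\n'):
        raise ValueError(f"unsafe {field} value: {value!r}")
    return f'{field}="{value}"'  # assumed filter syntax

def activities_url(application, region_code=None, oauth_client_id=None, user_key="all"):
    """Build an Activities.List URL filtered by RegionCode and/or OAuthClientId."""
    params = {}
    if region_code is not None:
        params["networkInfoFilter"] = quoted_filter("regionCode", region_code)
    if oauth_client_id is not None:
        params["applicationInfoFilter"] = quoted_filter("oAuthClientId", oauth_client_id)
    url = f"{BASE}/users/{user_key}/applications/{application}"
    return f"{url}?{urlencode(params)}" if params else url

def owners_by_type(items):
    """Map owner type -> owner identities; resources lacking OwnerDetails
    (for example, events that predate the field) are kept under UNKNOWN."""
    grouped = {}
    for item in items:
        for res in item.get("resourceDetails", []):
            owner = res.get("ownerDetails") or {}  # assumed key names
            owner_type = owner.get("ownerType", "UNKNOWN")
            identity = owner.get("ownerIdentity", res.get("id", "?"))
            grouped.setdefault(owner_type, set()).add(identity)
    return grouped

# Constructed response items for illustration; not real audit data.
SAMPLE_ITEMS = [
    {"resourceDetails": [{"id": "doc-1", "ownerDetails":
        {"ownerType": "USER", "ownerIdentity": "alice@example.com"}}]},
    {"resourceDetails": [{"id": "doc-2", "ownerDetails":
        {"ownerType": "SHARED_DRIVE", "ownerIdentity": "drive-0A1"}}]},
    {"resourceDetails": [{"id": "doc-3"}]},  # no OwnerDetails on this event
    {"events": []},                          # no resourceDetails at all
]

if __name__ == "__main__":
    print(activities_url("drive", region_code="US",
                         oauth_client_id="1234.apps.example.test"))
    for owner_type, ids in sorted(owners_by_type(SAMPLE_ITEMS).items()):
        print(owner_type, sorted(ids))
```

Keeping resources without OwnerDetails under UNKNOWN, rather than dropping them, avoids silently losing events while the field is still rolling out.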
Getting started
- Admins: As the changes roll out, get started with your analysis in either the Audit and Investigation tool, Admin SDK (Reports API), SecOps, or BigQuery.
- End users: There is no end user setting for this feature.
Rollout pace
- Rapid Release and Scheduled Release domains: Gradual rollout (up to 15 days for feature visibility)
Availability
- Available for Google Workspace with Audit Log eligible licenses. Note that Classification labels are available only for some editions.

