LoFP / To tune this rule, add exceptions to exclude any google_workspace.alert.type value that should not trigger this rule.

Techniques

Sample rules

Forwarded Google Workspace Security Alert

Description

Identifies the occurrence of a security alert from the Google Workspace alerts center. Google Workspace’s security alert center provides an overview of actionable alerts that may be affecting an organization’s domain. An alert is a warning of a potential security issue that Google has detected.

Detection logic

event.dataset: google_workspace.alert
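The detection logic above is a single dataset match, so tuning happens entirely through exceptions on google_workspace.alert.type. The following is an added example, not code from the LoFP page or from the rule's author: it re-implements the match condition in plain Python, applies an exception list on the alert type, and runs it over a few constructed sample events. The alert type strings and the second dataset name are constructed placeholders, not values taken from the page.

```python
# Added example (not part of the LoFP page or the original rule): the rule's
# match condition `event.dataset: google_workspace.alert` plus a tuning
# exception list on google_workspace.alert.type, evaluated over sample events.
from typing import Iterable, List, Optional

RULE_DATASET = "google_workspace.alert"


def get_field(event: dict, dotted: str) -> Optional[object]:
    """Resolve a dotted ECS-style path (e.g. "google_workspace.alert.type")
    against a nested event dict; return None when any segment is missing."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def matches_rule(event: dict, excluded_types: Iterable[str] = ()) -> bool:
    """True when the event satisfies the rule query and its alert type is not
    on the exception list. An event with no alert.type field still matches,
    because the rule itself places no condition on that field."""
    if get_field(event, "event.dataset") != RULE_DATASET:
        return False
    alert_type = get_field(event, "google_workspace.alert.type")
    return alert_type not in set(excluded_types)


def triggered_alert_types(events: Iterable[dict],
                          excluded_types: Iterable[str] = ()) -> List[Optional[str]]:
    """Return the alert types of the events that would fire the rule."""
    return [get_field(e, "google_workspace.alert.type")
            for e in events if matches_rule(e, excluded_types)]


# Constructed sample events (placeholder alert types, not values from the page).
SAMPLE_EVENTS = [
    {"event": {"dataset": "google_workspace.alert"},
     "google_workspace": {"alert": {"type": "sample-type-phishing"}}},
    {"event": {"dataset": "google_workspace.alert"},
     "google_workspace": {"alert": {"type": "sample-type-benign-notice"}}},
    {"event": {"dataset": "google_workspace.alert"}},          # no alert.type field
    {"event": {"dataset": "google_workspace.other-dataset"},   # not in scope
     "google_workspace": {"alert": {"type": "sample-type-phishing"}}},
]

if __name__ == "__main__":
    print("untuned:", triggered_alert_types(SAMPLE_EVENTS))
    print("tuned:  ", triggered_alert_types(SAMPLE_EVENTS,
                                            excluded_types=["sample-type-benign-notice"]))
```

The exception list is the only knob: every alert in the dataset fires until a type is explicitly excluded, so review the distinct google_workspace.alert.type values actually seen in your environment before adding exclusions, and keep the list short so the rule still surfaces alert types you have not triaged.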