skip to Main Content
Welcome to Gimasys!
Hotline: +84 974 417 099 (HCM) | +84 987 682 505 (HN)

Create rules to automate actions and alerts through the security center

What changed?

We've added a new kind of rule to security center sẽ giúp quản trị viên và nhà phân tích G Suite (Google Workspace customers) tự động hóa các nhiệm vụ quản lý bảo mật và cải thiện hành động bảo mật của tổ chức của họ. Cụ thể, với những cập nhật này, bây giờ  bạn có thể: 

  • Create Activity Rules, which are automated rules based on log events in the security center's investigation tool.
  • Configure Activity Rules to generate alerts or take corrective actions
  • See specific log entries showing when Activity Rules were fired, what actions were taken, which entities were affected, and more.
  • Put Activity Rules in monitor mode to test setup and performance before implementation.
  • See Activity Rules in the list of rules at Admin console > Security > Security rules. 
  • Receive notifications and investigate rule triggers through alert center alerts.

See below for more details

Who is affected?

Admins only

Tại sao nên sử dụng

Security Center is a powerful tool to help administrators and analysts identify, investigate, and remediate security issues. However, we've also heard that it's important to be able to automate detection and remediation to reduce the time it takes to resolve issues after they occur.  

This launch will make it easier to set up alerts, automate remedial actions, and understand the function and impact of rules, while reducing manual work for administrators.

How to get started

Additional information

Create and configure rules in the security center investigation tool.

We've added the ability to create and configure Activity Rules in the security center investigation tool. Activity Rules can be based on any log event query in the investigation tool and can automatically run and take corrective actions. It will work in a similar way to how you can create a rule today to do it ngăn ngừa mất dữ liệu (DLP) cho Gmail và Drive. We also added the ability to enable or disable rules when searching for rules or audit logs from rules in the investigation tool.

View specific log entries with details of rule trigger events

Once the Activity Rule is created, we will record and display more specific log entries. Items will include when the rule is triggered, what actions are taken when the rule is triggered, which entities are affected, and the results of those actions. For example, when a rule marks an email as spam, we'll log an audit event that shows you exactly what happened and under what conditions in the rule triggered. These logs improve investigation, help administrators create effective rules, and make it easier to identify outdated rules.

Test Activity Rules with monitor mode before doing so.

You can also put Activity Rules in desktop mode. While in monitor mode, triggered actions will not actually be executed and alerts will not be sent to the alert center. Logs, however, will still be logged about what the rule will do if it is active. This can help you effectively evaluate your rule without worrying about potential negative effects. When you're ready, simply switch the rule to active mode.

View and manage rules in the rule list.

Rules set up in the security center will also show up along with other rules in the Admin Console security rules list at Admin console > Security > Security Rules

View rule triggers in the alert center.

You can see and investigate these rule-based alerts in alert center

Update: Gimasys

Back To Top
0974 417 099