
Create rules to automate actions and alerts through the security center

What changes:

We've added a new kind of rule to the security center that will help G Suite administrators and analysts automate security management tasks and improve their organization's security actions. Specifically, with these updates, you can now:

 

  • Create Activity Rules, which are automated rules based on log events in the security center's investigation tool.
  • Configure Activity Rules to generate alerts or take corrective actions.
  • See specific log entries showing when Activity Rules were fired, what actions were taken, which entities were affected, and more.
  • Put Activity Rules in monitor mode to test setup and performance before implementation.
  • See Activity Rules in the list of rules at Admin console > Security > Security rules. 
  • Receive notifications and investigate rule triggers through alert center alerts.

 

See below for more details.

 

Who is affected:

Admins only

 

Why use:

Security Center is a powerful tool to help administrators and analysts identify, investigate, and remediate security issues. However, we've also heard that it's important to be able to automate detection and remediation to reduce the time it takes to resolve issues after they occur.  

 

This launch will make it easier to set up alerts, automate remedial actions, and understand the function and impact of rules, while reducing manual work for administrators.

 

How to get started:

 

 

Additional information:

 

Create and configure rules in the security center investigation tool.

We've added the ability to create and configure Activity Rules in the security center investigation tool. Activity Rules can be based on any log event query in the investigation tool and can automatically run and take corrective actions. They work in a similar way to the rules you can create today for data loss prevention (DLP) in Gmail and Drive. We also added the ability to enable or disable rules when searching for rules or audit logs from rules in the investigation tool.

 

View specific log entries with details of rule trigger events

Once an Activity Rule is created, we will record and display more specific log entries. Entries will include when the rule is triggered, what actions are taken when the rule is triggered, which entities are affected, and the results of those actions. For example, when a rule marks an email as spam, we'll log an audit event that shows you exactly what happened and under what conditions the rule triggered. These logs improve investigation, help administrators create effective rules, and make it easier to identify outdated rules.

 

Test Activity Rules with monitor mode before implementation.

You can also put Activity Rules in monitor mode. While in monitor mode, triggered actions will not actually be executed and alerts will not be sent to the alert center. Logs, however, will still be recorded showing what the rule would do if it were active. This can help you effectively evaluate your rule without worrying about potential negative effects. When you're ready, simply switch the rule to active mode.

 

View and manage rules in the rule list.

Rules set up in the security center will also show up along with other rules in the Admin console security rules list at Admin console > Security > Security rules.

 

View rule triggers in the alert center.

You can see and investigate these rule-based alerts in the alert center.

 

 

Source: Gimasys

 

 
