{"id":6143,"date":"2019-11-14T16:31:06","date_gmt":"2019-11-14T09:31:06","guid":{"rendered":"http:\/\/gcloudvn.wam.vn\/tao-quy-tac-de-tu-dong-hoa-cac-hanh-dong-va-canh-bao-thong-qua-trung-tam-bao-mat\/"},"modified":"2023-05-04T10:31:26","modified_gmt":"2023-05-04T03:31:26","slug":"tao-quy-tac-de-tu-dong-hoa-cac-hanh-dong-va-canh-bao-thong-qua-trung-tam-bao-mat","status":"publish","type":"post","link":"https:\/\/gcloudvn.com\/en\/kienthuc\/tao-quy-tac-de-tu-dong-hoa-cac-hanh-dong-va-canh-bao-thong-qua-trung-tam-bao-mat\/","title":{"rendered":"Create rules to automate actions and alerts through the security center"},"content":{"rendered":"<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Nhung_gi_thay_doi\"><\/span><span style=\"font-size: 14pt; font-family: 'times new roman', times, serif;\"><b>What changed?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-family: 'times new roman', times, serif;\"><span style=\"font-weight: 400;\">We&#039;ve added a new kind of rule to the <\/span><span style=\"font-weight: 400;\">security center<\/span><span style=\"font-weight: 400;\"> that will help G Suite (<a href=\"https:\/\/gcloudvn.com\/en\/google-workspace\/\">Google Workspace customers<\/a>) administrators and analysts automate security management tasks and improve their organization&#039;s security posture. Specifically, with these updates, you can now:<\/span><\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400; font-family: 'times new roman', times, serif;\">Create Activity Rules, which are automated rules based on log events in the security center&#039;s investigation tool.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400; font-family: 'times new roman', times, serif;\">Configure Activity Rules to generate alerts or take corrective actions.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400; font-family: 'times new roman', times, serif;\">See specific log entries showing when Activity Rules were fired, what actions were taken, which entities were affected, and more.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400; font-family: 'times new roman', times, serif;\">Put Activity Rules in monitor mode to test setup and performance before implementation.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-family: 'times new roman', times, serif;\"><span style=\"font-weight: 400;\">See Activity Rules in the list of rules at <\/span><i><span style=\"font-weight: 400;\">Admin console &gt; Security &gt; Security rules.\u00a0<\/span><\/i><\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400; font-family: 'times new roman', times, serif;\">Receive notifications and investigate rule triggers through alert center alerts.<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><strong><span style=\"font-family: 'times new roman', times, serif;\">See below for more 
details.<\/span><\/strong><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Ai_chiu_anh_huong\"><\/span><span style=\"font-size: 14pt; font-family: 'times new roman', times, serif;\"><b>Who is affected?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-family: 'times new roman', times, serif;\"><span style=\"font-weight: 400;\">Admins only<\/span><\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Tai_sao_nen_su_dung\"><\/span><span style=\"font-size: 14pt; font-family: 'times new roman', times, serif;\"><b>Why use it<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400; font-family: 'times new roman', times, serif;\">Security Center is a powerful tool to help administrators and analysts identify, investigate, and remediate security issues. However, we&#039;ve also heard that it&#039;s important to be able to automate detection and remediation to reduce the time it takes to resolve issues after they occur.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400; font-family: 'times new roman', times, serif;\">This launch will make it easier to set up alerts, automate remedial actions, and understand the function and impact of rules, while reducing manual work for administrators.<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Lam_the_nao_de_bat_dau\"><\/span><span style=\"font-size: 14pt; font-family: 'times new roman', times, serif;\"><b>How to get started<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\"><span style=\"font-family: 'times new roman', times, serif;\"><b>Admins<\/b><span style=\"font-weight: 400;\">:\u00a0<\/span><\/span>\n<ul>\n<li style=\"font-weight: 400;\"><span 
style=\"font-family: 'times new roman', times, serif;\"><span style=\"font-weight: 400;\">Use our Help Center to learn more about the <\/span><a href=\"https:\/\/support.google.com\/a\/answer\/7492003\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">security center<\/span><\/a><span style=\"font-weight: 400;\"> and <\/span><a href=\"https:\/\/support.google.com\/a\/answer\/7575955\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">how to use the investigation tool<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-family: 'times new roman', times, serif;\"><span style=\"font-weight: 400;\">Use our Help Center to learn more about <\/span><a href=\"https:\/\/support.google.com\/a\/answer\/9275024\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">how to create a rule that works with the investigation tool <\/span><\/a><span style=\"font-weight: 400;\">and <\/span><a href=\"https:\/\/support.google.com\/a\/answer\/9420866\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">view and manage privacy rules<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-family: 'times new roman', times, serif;\"><b>End users:<\/b><span style=\"font-weight: 400;\"> No action required.<\/span><\/span><\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Thong_tin_bo_sung\"><\/span><span style=\"font-size: 14pt; font-family: 'times new roman', times, serif;\"><b>Additional information<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Tao_va_cau_hinh_cac_quy_tac_trong_cong_cu_dieu_tra_trung_tam_bao_mat\"><\/span><span style=\"font-family: 'times new roman', times, serif;\"><b>Create and configure rules in the security center investigation tool.<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p 
style=\"text-align: justify;\"><span style=\"font-family: 'times new roman', times, serif;\"><span style=\"font-weight: 400;\">We&#039;ve added the ability to create and configure Activity Rules in the security center investigation tool. Activity Rules can be based on any log event query in the investigation tool and can automatically run and take corrective actions. They work in a similar way to the rules you can create today for <\/span><span style=\"font-weight: 400;\">data loss prevention (DLP) for Gmail and Drive<\/span><span style=\"font-weight: 400;\">. We also added the ability to enable or disable rules when searching for rules or audit logs from rules in the investigation tool.<\/span><\/span><\/p>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Xem_cac_muc_nhat_ky_cu_the_voi_cac_chi_tiet_ve_cac_su_kien_kich_hoat_quy_tac\"><\/span><span style=\"font-family: 'times new roman', times, serif;\"><b>View specific log entries with details of rule trigger events<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400; font-family: 'times new roman', times, serif;\">Once the Activity Rule is created, we will record and display more specific log entries. Entries will include when the rule is triggered, what actions are taken when the rule is triggered, which entities are affected, and the results of those actions. For example, when a rule marks an email as spam, we&#039;ll log an audit event that shows you exactly what happened and which conditions in the rule were triggered. 
These logs improve investigation, help administrators create effective rules, and make it easier to identify outdated rules.<\/span><\/p>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Kiem_tra_Activity_Rules_voi_che_do_man_hinh_truoc_khi_thuc_hien\"><\/span><span style=\"font-family: 'times new roman', times, serif;\"><b>Test Activity Rules with monitor mode before implementation.<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400; font-family: 'times new roman', times, serif;\">You can also put Activity Rules in monitor mode. While in monitor mode, triggered actions will not actually be executed and alerts will not be sent to the alert center. Log entries, however, will still be recorded showing what the rule would do if it were active. This can help you effectively evaluate your rule without worrying about potential negative effects. When you&#039;re ready, simply switch the rule to active mode.<\/span><\/p>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Xem_va_quan_ly_cac_quy_tac_trong_danh_sach_quy_tac\"><\/span><span style=\"font-family: 'times new roman', times, serif;\"><b>View and manage rules in the rule list.<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-family: 'times new roman', times, serif;\"><span style=\"font-weight: 400;\">Rules set up in the security center will also show up along with other rules in the Admin Console security rules list at <\/span><i><span style=\"font-weight: 400;\">Admin console &gt; Security &gt; Security Rules<\/span><\/i><span style=\"font-weight: 400;\">.\u00a0<\/span><\/span><\/p>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Xem_kich_hoat_quy_tac_trong_trung_tam_canh_bao\"><\/span><span style=\"font-family: 'times new roman', times, serif;\"><b>View rule triggers in the alert center.<\/b><\/span><span 
class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-family: 'times new roman', times, serif;\"><span style=\"font-weight: 400;\">You can see and investigate these rule-based alerts in the <\/span><a href=\"https:\/\/support.google.com\/a\/answer\/9105393\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">alert center<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/span><\/p>\n<div class=\"wpex-responsive-media\"><iframe loading=\"lazy\" title=\"Preventing, detecting, and fixing data exfiltration on G Suite\" width=\"980\" height=\"551\" src=\"https:\/\/www.youtube.com\/embed\/wrxWiy3FqKQ?feature=oembed\"  allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe><\/div>\n<p style=\"text-align: right;\"><strong>Update: Gimasys<\/strong><\/p>\n<p style=\"text-align: right;\">","protected":false},"excerpt":{"rendered":"<p>What changed? We&#039;ve added a new kind of rule to the security center that will help G Suite (Google Workspace) administrators and analysts automate the tasks of managing&hellip;<\/p>","protected":false},"author":1,"featured_media":6144,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6143","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kienthuc","entry","has-media"],"_links":{"self":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts\/6143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/comments?post=6143"}],"version-history":[{"count":0,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts\/6143\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/media\/6144"}],"wp:attachment":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/media?parent=6143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/categories?post=6143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/tags?post=6143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}