Comment on page

Security monitoring in Gsuite

Where your business applications are being access from, and by whom, are fantastic signals about when someone within your company has been phished and compromised.
1. Connect Google Workspace Audit Logs to RunReveal
Follow the setup guide here so RunReveal receives notifications about where your google docs, calendars, etc are being accessed from.
Google Workspace Audit Logs
RunReveal Docs
2. Install the Grafana Plugin
Follow the directions to install our grafana plugin.
Grafana Live Threat Monitoring
RunReveal Docs
The grafana plugin shows what countries your company email, docs, calendar, and other gsuite products are being accessed from. It also will highlight, in red, new countries that started accessing your systems today but previously had never accessed your systems.
 
3. Useful queries
When you create a gsuite source, we'll automatically upload the queries from the runreveal/starterpack repo into your gsuite source.
See Authorized Applications
You can see what applications your users are signing into using their gsuite logins. This is useful for finding shadow IT, and seeing where business applications are being accessed from.
$ runreveal queries run --name authorize-apps
Check our starterpacks
We have several other useful queries in our starterpacks that automatically get added to your account when it's created. Give them a read.
Starter Packs
RunReveal Docs

How-to Guides - Previous

Grafana Live Threat Monitoring

Next - How-to Guides

AWS Intrusion Detection System

Last modified 4mo ago