Comment on page

Security monitoring in Gsuite

Where your business applications are being access from, and by whom, are fantastic signals about when someone within your company has been phished and compromised.

1. Connect Google Workspace Audit Logs to RunReveal

Follow the setup guide here so RunReveal receives notifications about where your google docs, calendars, etc are being accessed from.

2. Install the Grafana Plugin

Follow the directions to install our grafana plugin.
The grafana plugin shows what countries your company email, docs, calendar, and other gsuite products are being accessed from. It also will highlight, in red, new countries that started accessing your systems today but previously had never accessed your systems.

3. Useful queries

When you create a gsuite source, we'll automatically upload the queries from the runreveal/starterpack repo into your gsuite source.

See Authorized Applications

You can see what applications your users are signing into using their gsuite logins. This is useful for finding shadow IT, and seeing where business applications are being accessed from.
$ runreveal queries run --name authorize-apps

Check our starterpacks

We have several other useful queries in our starterpacks that automatically get added to your account when it's created. Give them a read.