HomeDocumentation and Guides

Google Drive

Table of Contents


Cisco Cloudlock monitors Google in the following policies:

Data Loss Prevention (DLP)

User Events and Behavior Analytics (UEBA)

  • Build Your Own: Event Analysis


GSuite UEBA Coverage

Activities and events covered by Cloudlock for Google can vary depending on the type of GSuite license an organization might have.

##Response Actions
In addition to the Global Response Actions available in all platforms, Google Drive also has four unique Response Actions:

Copy File

Copies the file which violated the policy to a specified owner and folder.


Disable download, print, and copy

Disables the ability for commenters and viewers to download, print and copy a file.

Revoke Sharing

Revokes access to the file.

Transfer Ownership

Enables the admin to transfer ownership of the file to a specified owner and folder.


Incident Examples

This incident was triggered when the user exposed a document publically, violating a Content Only Policy.

This incident was triggered when the user violated a custom regex policy by creating a document with credit card numbers. The list of matches shows where in the document the text matched the credit card numbers the regular expression looks for.

This incident triggered when a user violated the Offsite Activity events analysis policy. Activity was captured by a user in a country outside of the allowed countries.

Object Activity

Object Activity is a tab only available in Google incidents. The page displays activities that modified the object, who performed the activity and the date and time it occurred.

View an Object

For a DLP incident, you can click View Object in the uppermost right corner to view the file that violated the policy.


When viewing an object for Google, the user logged into Cloudlock must be an email that exists in the Google domain.


Viewing an Object Adds a Collaborator

When viewing an object for Google, the user viewing the object is automatically added as a collaborator on the document in Google.