Google Drive
Table of Contents
Policies
Cisco Cloudlock monitors Google in the following policies:
Data Loss Prevention (DLP)
- Predefined
- Build Your Own: Context Only
- Build Your Own: Custom Regex
User Events and Behavior Analytics (UEBA)
- Build Your Own: Event Analysis
GSuite UEBA Coverage
Activities and events covered by Cloudlock for Google can vary depending on the type of GSuite license an organization might have.
##Response Actions
In addition to the Global Response Actions available in all platforms, Google Drive also has four unique Response Actions:
Copy File
Copies the file which violated the policy to a specified owner and folder.
![Screen Shot 2018-11-28 at 4.24.14 PM.png 519](https://files.readme.io/74ebf46-Screen_Shot_2018-11-28_at_4.24.14_PM.png)
Disable download, print, and copy
Disables the ability for commenters and viewers to download, print and copy a file.
Revoke Sharing
Revokes access to the file.
Transfer Ownership
Enables the admin to transfer ownership of the file to a specified owner and folder.
![google 6.png 784](https://files.readme.io/0d748e9-google_6.png)
Incident Examples
This incident was triggered when the user exposed a document publically, violating a Content Only Policy.
This incident was triggered when the user violated a custom regex policy by creating a document with credit card numbers. The list of matches shows where in the document the text matched the credit card numbers the regular expression looks for.
This incident triggered when a user violated the Offsite Activity events analysis policy. Activity was captured by a user in a country outside of the allowed countries.
Object Activity
Object Activity is a tab only available in Google incidents. The page displays activities that modified the object, who performed the activity and the date and time it occurred.
View an Object
For a DLP incident, you can click View Object in the uppermost right corner to view the file that violated the policy.
![view object.png 322](https://files.readme.io/b2a40f8-view_object.png)
When viewing an object for Google, the user logged into Cloudlock must be an email that exists in the Google domain.
Viewing an Object Adds a Collaborator
When viewing an object for Google, the user viewing the object is automatically added as a collaborator on the document in Google.
Updated 11 months ago