Cisco Cloudlock monitors Google in the following policies:
- Build Your Own: Event Analysis
GSuite UEBA Coverage
Activities and events covered by Cloudlock for Google can vary depending on the type of GSuite license an organization might have.
In addition to the Global Response Actions available in all platforms, Google Drive also has four unique Response Actions:
Copies the file which violated the policy to a specified owner and folder.
Disables the ability for commenters and viewers to download, print and copy a file.
Revokes access to the file.
Enables the admin to transfer ownership of the file to a specified owner and folder.
This incident was triggered when the user exposed a document publically, violating a Content Only Policy.
This incident was triggered when the user violated a custom regex policy by creating a document with credit card numbers. The list of matches shows where in the document the text matched the credit card numbers the regular expression looks for.
This incident triggered when a user violated the Offsite Activity events analysis policy. Activity was captured by a user in a country outside of the allowed countries.
Object Activity is a tab only available in Google incidents. The page displays activities that modified the object, who performed the activity and the date and time it occurred.
For a DLP incident, you can click View Object in the uppermost right corner to view the file that violated the policy.
When viewing an object for Google, the user logged into Cloudlock must be an email that exists in the Google domain.
Viewing an Object Adds a Collaborator
When viewing an object for Google, the user viewing the object is automatically added as a collaborator on the document in Google.
Updated about a year ago