GAT lets G Suite Admins search all Domain-wide email folders and email contents and attachments with the same ease it lets you search Domain-wide Drive folders and contents.
This is like a Gmail UI search but applied to all or some of your accounts. You can use all the search parameters described here.
The string below is the suggested opening search string for Payment Card Industry Data Security Standard (PCI DSS) compliance testing using GAT+.
Cut and paste into the ‘Email content search’ tab of Email audit. You may add or subtract from the list as appropriate, to a max of 1024 characters. Should you need a longer search string, use 2 searches.
‘Amex’ OR “American Express” OR ‘Mastercard’ OR ‘Visa’ OR ‘Discover’ OR “Diner’s Club” OR “Diners Club” OR ‘JCB’ OR ‘CCV’ OR ‘CID’
You will notice the string above is starting inside a bracket. This is because the full string set of strings can also be enclosed in brackets as follows:
(‘Amex’ OR “American Express” OR ‘Mastercard’ OR ‘Visa’ OR ‘Discover’ OR “Diner’s Club” OR “Diners Club” OR ‘JCB’ OR ‘CCV2’ OR ‘CID’)
Allow some time for the search to finish, in particular for larger domains. Searches may be confined to users, groups or OU’s to improve on-screen interaction, domain-wide (and all other types) searches may be run as scheduled jobs.
In our case, we search for the whole domain and its sub-OU.
When the scan is finished the result will be displayed right below the search.
If the result is not displayed fast enough you can access it later on by selecting ‘Previous searches’ click on the green button under the actions to load and examine the returned results
This search ‘context’ remains in force for all subsequent filter operations. It can be further refined with any of the many other filters available.
Full-text search in the GAT Labs happens without email extraction. This means your data never leaves your domain, the search is passed in for Google to complete. Only the metadata of emails with potential hits is passed back out. This is by far the most secure method of third-party testing for PCI compliance and means credit card details or other confidential information is not passed out to the third party and thus avoids lengthening the chain of vulnerability.
This method is also suitable for abusive language, bullying language or any other context searches.