📖 < 1 min read

Set up a Google DLP alert every time a document that contains sensitive information is shared outside your Google Workspace domain.

An alert is sent if the regex matches a newly shared out file (Google types only)

Open GAT+ navigate to Alert rules under the Configuration tab

GAT+: How to Create a DLP Alert on Externally Shared Google Docs in Drive 1

Click on the sign and a new window will be displayed, fill in the details and click and Save.

GAT+: How to Create a DLP Alert on Externally Shared Google Docs in Drive 2

 

Set up a Name for the rule

Set the checkmark to Enabled

Set the Type to Drive

Choose the scope whom will be affected by this alert rule

  • It can be a user, group or org.unit

Pick and select the Recipient it can be a local user from the domain or it can be custom one.

Alert is sent if the regex matches a newly shared out file (Google types only)

Enter the name for the Regex and the actual Regex pattern

When Notify user selected a new window will be displayed where a message can be sent to users.

When Remove shares the alert will automatically remove the shares once it detects the regex pattern and shared out condition.

For this example we use regex patterns for detecting:

  • US SSN Entered – \b(?!000)(?!666)([0-6]\d{2}|7([0-356]\d|7[012]))[- ]?(?!00)\d{2}[- ]?(?!0000)\d{4}\b
  • Credit Card Number  – /\b(1800|2131|30[0-5]\d|3[4-7]\d{2}|4\d{3}|5[0-5]\d{2}|6011|6[2357]\d{2})[- ]?(\d{4}[- ]?\d{4}[- ]?\d{4}|\d{6}[- ]?\d{5})\b/gi
  • Homophobic language used – (\W|)([Tt]ranny)|([Dd]yke)|(poof)|(poofter)|(fag)|(faggot)|(queer)|(lesbo)|(bugger)|(girlyboy)|(nancyboy)|(rent boy).*?(\W$)

Use any other Regex examples for your needs.

Click on save to activate the rule.

When the rule is created it can be found in the Alert rules under the configuration.

GAT+: How to Create a DLP Alert on Externally Shared Google Docs in Drive 3

 

It can be viewed (eye icon), edited (pen icon)  or deleted from the (x button).

 

Thanks for sharing and spreading the word!