ūüďĖ 2 mins read

GAT+ allows G Suite admins to create Alert rules for Drive usage.

GAT+: How to set up Google Drive DLP Alerts for shared out files 1

Alerts can be based on a number of actions like the number of files downloaded, the number of shared out documents per day, or alerts based on specific contents with documents shared out.

Configuring Alert Rules

Open GAT+ navigate to Alert rules under the Configuration tab

 

GAT+: How to set up Google Drive DLP Alerts for shared out files 2

Click on the + sign and a new window will be displayed, fill in the details as shown below:

  • Set up a¬†Name¬†for the rule
  • Set the checkmark to Enabled
  • Set the¬†Type¬†to Drive

Choose the scope whom will be affected by this alert rule

  • It can be a user, group or org.unit

To apply it all users on your domain enter /* for the Org. Unit

GAT+: How to set up Google Drive DLP Alerts for shared out files 3

 

Pick and select the Recipient it can be any local user from your domain or someone from outside.

The actual rules on which an alert will be generated are:

  • Alert on number of¬†files downloaded¬†(files in a 24 hour period)
  • Alert on number of¬†files shared out(files in a 24 hour period)
  • Alert rule can be added as an¬†alert if regex matches a newly shared out file (Google types only):

Google files shared out that match a Regex

For the Regex, we can set the name of the rule, select and add the Regex pattern.

As an example for regex:

Any regex example should work (below we have few words on which the rule should be triggered or number entered such as US SSN entered (as in the example above)

\b((?i)compliance|authority|security breach|PII)\b

OR

\b(?!000)(?!666)([0-6]\d{2}|7([0-356]\d|7[012]))[- ]?(?!00)\d{2}[- ]?(?!0000)\d{4}\b

Click on the + sign underneath to add multiple Regex patterns.

Notify user if you want to show a custom message to the end-user who shared out this document.

Remove shares if you want to remove the external shares automatically.

Click on save to activate the rule.

 

Viewing Alert Rules

Alert rules can be found in the Alert rules under the configuration

An admin can quickly see the name of the rule, the type of the rule if it is enabled, what scope, and the recipients.

Under the summary tab, an admin can see exactly the alerts enabled for this rule.

Under the actions tab, the rule can be viewed (eye icon), it can be edited from the pen icon or deleted from the x button.

GAT+: How to set up Google Drive DLP Alerts for shared out files 4

 

 

When Rules Are Triggered

The alert will be received by the recipient when the rules are violated.

In this case, a file with a regex for US SSN entered was shared out from the domain.

GAT+: How to set up Google Drive DLP Alerts for shared out files 5

All the Alerts can be seen under Audit and Management area in GAT+

GAT+: How to set up Google Drive DLP Alerts for shared out files 6

Thanks for sharing and spreading the word!