ūüďĖ 2 mins read

GAT+ allows G Suite admins to create Alert rules for Drive usage.

GAT+: How to set up Google Drive DLP Alerts for shared out files 1

Alerts can be based on a number of actions like the number of files downloaded, the number of shared out documents per day.

Alerts based on specific contents with documents, spreadsheets, presentations, PDF, and text files that are shared out.

Configuring Alert Rules

Open GAT+ navigate to Alert rules under the Configuration tab

GAT+: How to set up Google Drive DLP Alerts for shared out files 2

Click on the + sign and a new window will be displayed, fill in the details as shown below:

  • Set up a¬†Name¬†for the rule
  • Set the checkmark to Enabled
  • Set the¬†Type¬†to Drive

Choose the scope whom will be affected by this alert rule

  • It can be a user, group or org.unit

To apply it all users on your domain enter /* for the Org. Unit

GAT+: How to set up Google Drive DLP Alerts for shared out files 3

 

Pick and select the Recipient it can be any local user from your domain or someone from outside.

Note: If no recipient selects the alerts will be simply reported in the Alerts tab on the left-hand side menu.

The rules on which an alert will be generated are:

  • Alert on number of¬†files downloaded¬†(files in a 24 hour period)
  • Alert on number of¬†files shared out(files in a 24 hour period)
  • Alert rule can be added as an alert if the regex matches a newly shared out file ¬†(doc, spreadsheet, presentation, PDF, text files):
  • Alert if ‚Äúshare to‚ÄĚ address matches specified pattern.

Alert on shared out files matching a Regex ( doc spreadsheets, presentations, PDF, text files)

For the Regex, we can set the name of the rule, select and add the Regex pattern.

As an example for regex:

Any regex example should work (below we have few words on which the rule should be triggered or number entered such as US SSN entered (as in the example above)

\b((?i)compliance|authority|security breach|PII)\b

OR

\b(?!000)(?!666)([0-6]\d{2}|7([0-356]\d|7[012]))[- ]?(?!00)\d{2}[- ]?(?!0000)\d{4}\b  (US SSN number)

OR

\b(\d)[0-9]{12}(?:[0-9]{3})?\b|\b(\d)[0-9]{3}\s[0-9]{4}\s[0-9]{4}\s[0-9]{4}\b|\b(\d)[0-9]{3}[-][0-9]{4}[-][0-9]{4}[-][0-9]{4}\b  (credit card number)

Click on the + sign underneath to add multiple Regex patterns.

Notify the user if you want to show a custom message to the end-user who shared out this document.

Remove shares if you want to remove the external shares automatically.

Click on save to activate the rule.

Viewing Alert Rules

Alert rules can be found in the Alert rules under the configuration

An admin can quickly see the name of the rule, the type of the rule if it is enabled, what scope, and the recipients.

Under the summary tab, an admin can see exactly the alerts enabled for this rule.

Under the actions tab, the rule can be viewed (eye icon), it can be edited from the pen icon or deleted from the x button.

GAT+: How to set up Google Drive DLP Alerts for shared out files 4

When Rules Are Triggered

The alert will be received by the recipient when the rules are violated.

In this case, a file with a regex for US SSN entered was shared out from the domain. The recipients will receive an email notification like the screen below.

GAT+: How to set up Google Drive DLP Alerts for shared out files 5

All the Alerts can be seen under Audit and Management area in GAT+

GAT+: How to set up Google Drive DLP Alerts for shared out files 6

If you would like to run a trial of our products please install GAT+ from the G Suite Marketplace and contact us at support@gatlabs.com with any questions you may have.

To request a demo please click here and fill the form, we will get back to you in less than 12 hours during weekdays.

If you trailed GAT in the past and you would like to run a fresh trial again, please enquire through this form.

Thanks for sharing and spreading the word!