GAT+ allows G Suite admins to create Alert rules for Drive usage.
Based on the number of file downloads, a number of shared out documents per day and shared out documents based on regex match in the content of the files.
Open GAT+ navigate to Alert rules under the Configuration tab
Click on the + sign and a new window will be displayed, fill in the details and click on the save.
Set up a Name for the rule
Set the checkmark to Enabled
Set the Type to Drive
Choose the scope whom will be affected by this alert rule
- It can be a user, group or org.unit
Pick and select the Recipient it can be a local user from the domain or it can be custom one
The actual rules on which an alert will be generated are:
- Alert on number of files downloaded (files in a 24 hour period)
- Alert on number of files shared out(files in a 24 hour period)
- Alert rule can be added as an alert if regex matches a newly shared out file (Google types only):
For the Regex, we can set the name of the rule, select and add the Pattern.
As an example for regex:
Any regex example should work (below we have few words on which the rule should be triggered or number entered such as US SSN entered (as in the example above)
\b((?i)compliance|authority|security breach|PII)\b
\b(?!000)(?!666)([0-6]\d{2}|7([0-356]\d|7[012]))[- ]?(?!00)\d{2}[- ]?(?!0000)\d{4}\b
Click on the + sign underneath the pattern and add an additional regex rule.
Notify user if you want to show a custom message to the user who shared out this document.
Remove shares if you want to remove the external shares automatically.
Click on save to activate the rule
When the rule is created it can be found in the Alert rules under the configuration
An admin can quickly see the name of the rule, the type of the rule if it is enabled, what scope and the recipients.
Under the summary tab, an admin can see exactly the alerts enabled for this rule.
Under the actions tab, the rule can be viewed (eye icon), it can be edited from the pen icon or deleted from the x button.
The alert will be received by the recipient when the rules are violated.
In this case, a file with a regex for US SSN entered was shared out from the domain.
All the Alerts can be seen under Audit and management in GAT+
