GAT Shield Alerts overview
GAT Shield allows Google Workspace admins to create different alert rules and get notified based on the actions of users.
Alert rules are a powerful way to stay on top of your Google Workspace security.
When an alert is triggered, a notification is sent to the recipient set in the rule.
At the bottom of each alert rule, there are options for Screen capture and Webcam capture.
NOTE: The Webcam capture will ONLY work if it is enabled in the Google Admin Console and selected as an option in the Alert rule itself.
As in this example:
Send in email, save in rule creator’s Drive and share with other alert recipients
Result when an Alert is triggered
When an end user triggers an alert, it is sent via email (if that option is selected) and, by default, to the Shield Alerts tab.
Navigate to Shield > Audit > Shield Alerts.
Alerts explorer
In the Alerts explorer, Admins can audit the alerts and take a few actions.
The Admin or Delegated Auditor can:
- Acknowledge page – acknowledge all the alerts on the current page
- Acknowledge all – acknowledge all the alerts generated by the users on every page
On the right side under the Actions tab, some actions can be taken.
- Checkmark – Acknowledge the selected Alert
- ! mark (exclamation mark) – Update the Severity of the selected Alert
  - Low – set the severity to low
  - High – set the severity to high
- Note icon – Show and edit Alert rule
- Eye icon – view the Details of the Alert
The Eye icon will show all the details for the chosen Alert rule.
The Alert can be individually updated:
- Update severity
- Acknowledge
- Show and edit alert rule
- Notify (GAT) about false positive alerts
- Under the Webcam image and Screenshot, you should be able to see a preview of the document and the webcam capture
- Selecting the links will lead to the actual pages and screen capture located in the recipient’s drive
- Alert status – status of the alert
- Alert severity – unknown, low, or high
- User – details of the user, such as Name and Org. Unit
- Device – details of the device used
- Shield extension – details of the Shield extension
Alert as email
Alerts triggered by the rules are also sent as emails to the recipients.
The Admin can see the details for the Alert:
- Alert rule
- User
- Page
- Device OS
- Public and Private IP addresses
- Attachments
- Webcam capture
- Screenshot of the page where the event occurred
When any of the report options is selected, the data will be presented in the Shield Alerts tab.