View Categories

Set Inappropriate Language Alert for Domain Users with GAT Shield

Set Inappropriate Language Alert for Domain Users with GAT Shield #

GAT Shield helps Google Workspace Admins protect their entire domain from the use of inappropriate language by their domain users by creating and setting an alert rule.

By default, the Page content inspection alert rule is pre-configured to detect the disallowed user’s typing behavior.

Thus, whenever the user types a forbidden word, either on Gmail, chat, document, and/or anywhere on the visited page, the GAT Shield alert rule detects that within a second and displays a warning message to that user in question.

At the same time, an alert notification is sent to the administrator via email that notifies them of that behavior and provides insights on the event that has occurred.

That rule can be enhanced to scan throughout the entire user’s page with one mouse click to Scan and alert entire page option in the alert’s configuration.

Configure the alert rule for Page content inspection #

Admin can set up an Alert rule for Page content inspection

This Alert rule inspects the current page the user is on and will generate an alert if the user types specific words based on the Regex in the rule.

Navigate to Shield > Configuration > Alert rules > Add a rule > Page Content inspection

In the Page Content Inspection Regex enter the regex of words you want to get alerted for.

User a template #

We have many templates for Page content inspection that any Admin can use.

Click on Add from a template and select any of the templates. 

When the template is selected – fill in the required details, such as to which users the rule is to be applied.

For example: Weapons alert

  • Alert rule name – enter a name for the alert
  • Active – enable or disable the rule
  • Page content inspection regex – enter the regex
    • Content Inspection regular expression is compared to a text that Users type into any input on pages they visit or text that appears in a document opened by the User. It has a weight of 1. Do not put regex flags into an input. Use REGEX 101 in order to test regex.
  • Distinct upper and lower case letters – When enabled regex will distinct upper and lower case letters.
  • Scan and alert on an entire page – the entire page will be scanned not only on what user types the words from the Regex example
  • Regex word exclusion – Keywords for which no alert will be generated, even if the alert regex criteria are met, e.g. “gat;google” means this alert would never trigger when text matched by regex that contains at least one of keyword.
  • Page keywords – Words that appear on a page. Each of these keywords can have a weight. Use for more accurate alert triggering. The weight for each keyword is counted only once, even if the keyword occurs many times in the page.
  • Alert trigger threshold – minimum weight to trigger an alert
  • Time restriction – select the time on which the rule will be active or not

  • Notificatication interval – Time interval in minutes after which the notification about subsequent rule violations by the user will be sent. If empty, a default value will be used.
  • Report matched text – Send matched text in the alert notification email
  • Monitor on the following sites only
    • To add a new URL enter a value and click on a selected item or hit TAB/COMMA key to add it. Sites for which an alert will be generated, e.g. “www.generalaudittool.com/test” or “generalaudittool.com/test/” means this alert would trigger on that site and all derivative sites. Add URL in the following format “(www.)yyy.zzz/path(/)”. No http:// or https:// is required.
  • Site exclusion – To add a new URL enter a value and click on a selected item or hit TAB/COMMA key to add it. Values are case-sensitive. Sites for which an alert will not be generated, e.g. “www.generalaudittool.com/test” or “generalaudittool.com/test/” means this alert would not trigger on that site and all derivative sites. Add URL in the following format “(www.)yyy.zzz/path(/)”. No http:// or https:// is required.
  • Scope – Rule recipients. If no value is specified, all domain users are affected. If any value is specified, any user who meets the criteria is affected. Start typing for suggestions. Click on a selected item or hit TAB/COMMA key to add it.

  • Scope exclusions – Excluded recipients. If any value is specified, any user who meets the criteria is affected. Overrides above rule. Start typing for suggestions. Click on a selected item or hit TAB/COMMA key to add it.
  • End-user action – select end-user action.
    • Display a warning message
    • Display a warning message and close the browsing tab
    • Display a warning message and redirect – Enter a valid URL where the browser will redirect to when a site is visited.
    • Close the browsing tab without a message
    • Redirect without a message – Enter a valid URL that the browser will redirect to when a site is visited.
    • None
  • Notification webhook – This will have higher priority over email notifications. Alerts will arrive via email only if webhook request fails. Due to the limitations, webhooks will not contain screenshots.
  • Alert recipients – User, group or other valid email addresses that will be used for notification when alert is triggered. If no value is specified, no one will be e-mailed. Start typing for suggestions. Click on a selected item or hit TAB/COMMA key to add it.
  • Screen capture – If you wish to preview screenshots within Shield Alert Events, you must select the Drive option.
  • Webcam capture – This is disabled by default, to make it work, there is a special setting in the Admin console that must be enabled.

Results #

Based on what is set in the End-user action – notification will be shown for the user.

A notification will sent to the end-user from the Chrome browser.

If “display a warning message and redirect” is used – the end-user will get an alert message and will be redirected to the chosen webpage URL

Email notification #

A notification email will also be received by Alert Recipient:

Shield alerts #

All Shield alerts will be reported in Shied > Shield alerts

Based on the received notification, an Alert Recipient can analyze it as follows:

  • User – will see what user triggers the alert,
  • Page – on what page was it triggered,
  • Context/description – a context will be shown,
  • Alert Trigger – the word itself that violated the rule,
  • Score – how many times the rule was violated.

Relevant post #