The GAT Shield extension allows Admins to monitor user behavior while users browse in the Google Chrome browser.
The Admin can set up multiple DLP Alert rules.
Based on those rules, the Admin can be notified via an Alert when a user types something that triggers an Alert rule.
All the Shield alerts that are triggered can be viewed in the Shield > Shield Alerts tab.
Delegated auditor – reviewer
The triggered Alert rules could be too many for one Admin to review.
To help the Admin, a delegated auditor (reviewer) can be created.
This allows a person to be added to GAT Shield to view and review all the Alerts that are being generated.
Create delegated auditor in Shield
An Admin can create the delegated auditor (reviewer) and give them access to view and manage the Shield Alerts.
Navigate to GAT Shield > Configuration > Delegated auditor > +Add an auditor
Fill in the details for creating the Auditor.
- Auditor – enter the email of the user who will audit the Alerts
- Scope – select which users the Auditor will have access to, in order to view their Alerts
- Include sub. org. units – select this if you chose an org. unit and want to include all the org. units nested within it
- Access areas – select and enable the Areas where the Auditor will have access.
- Valid until – this allows you to select how long the Auditor will be enabled for
- Active – enable or disable the Auditor
- Save – Click to Save the delegated auditor
For the Access Areas – we recommend enabling only the areas that are needed for the Auditor (Reviewer).
Any of the other sections can be enabled too.
- Shield Alerts
- Site Access Events
Reviewer (Delegated auditor)
When the Delegated auditor is created, they can log in to the tool and view and audit all the Shield Alerts and Site Access Events.
The Reviewers can log in from the Google Apps button by clicking on the GAT+ button.
When logged in to GAT Shield, they can view the sections they have been allowed access to.
Shield Alerts audit
The Reviewer (Auditor) can view all the Shield alerts that are triggered by the end-users.
Audit all Shield Alerts.
- Rule name – view the rule name for the Alert
- Rule type – the type of rule created
- Page – view where the user was when they triggered the alert
- Trigger – view the trigger word or sentence that the user has typed
- Sent – view at what time the alert was triggered
- User – view which user triggered the alert
- Status – view the status of the alert
The auditor can acknowledge the alert, marking it as “acknowledged”, meaning it has been checked and acknowledged.
Actions on Shield Alerts
The auditor can take global actions:
- Acknowledge page – acknowledge the current page.
- Acknowledge all – acknowledge all Shield Alerts and change their status to acknowledged.
- Update Severity – acknowledge the seriousness of the alert.
The auditor can take individual action for each Alert rule. Click on the “eye” icon from the right-side buttons.
- Eye icon – view details for the Alert rule.
A new window will be displayed with all the additional details for the Alert rule.
- Update Severity – Marks this alert as either High or Low. This will be used by an algorithm later on.
- Acknowledge – on the top left side you can acknowledge the Alert
- Notify about false-positive alert – click to notify us if the Alert rule is a false positive
View all the additional data reported for the Alert rule.
Site Access Events audit
The Reviewer (delegated auditor) can also review the Site Access Events rules that are being triggered.
Those are all webpages that are blocked for the users via Site Access Control, created by the Admins of the domain.
- URL – view the site URL
- Category – view the category under which the site is blocked
- Site Access action – view what event has occurred on the site – blocked, allowed, or warning
- Date – view when the site was blocked
- User – view the user for whom the site is being blocked
- Action – view additional details
- eye icon – view details for the Site Access Control