Configuration Settings Options Available in GAT Shield for Alert Rules

In this post, we will be outlining all of the available settings options when creating Alert Rules within the Shield Console.

Creating an Alert Rule #

As a Google Workspace Super Admin and enter the GAT Shield console. Navigate to Configuration and then Alert Rules. Clicking on Add a rule will show all the different alert types.

Setting Options Available within Alert Rules #

The following settings options can be found in the different types of Alert Rules.

  • Time restriction
  • Scope
  • Scope exclusions
  • Page Content Inspection Regex
  • Report matched text
  • Distinct upper and lower case letters
  • Regex Word exclusions
  • Page keywords
  • Alert trigger threshold
  • Notification interval
  • Monitor on the following sites only
  • Site exclusions
  • End-user action
  • Alert recipients
  • Screen capture
  • Webcam capture

Time restriction #

Within the Alert Rules menu, you can decide when the rule is active and operating. You can define multiple time windows within a given day. And you can can even lock it to the users’ time zone if its different from your own. For example the user is located in a different state or country their time zone would be different than yours.

Scope #

To who the rule will apply to. You can apply any rule to any users who is being monitored by the GAT Shield extension. You have the ability to select the scope to be multiple email addresses, multiple Google Groups or members of a Org Unit.

Scope exclusions #

Whoever is Regardless of whether this user is inside the scope defined they will still be ignored.

Page Content Inspection Regex #

You can enter your javascript Regex code into this field. You can enter some thing this (word1|word2|word3) and each on of those words would be considered.

Distinct upper and lower case letters #

When left unchecked, javascript regex code will be considered insensitive.


Scan and alert on entire page #

By default, this option is unchecked in the alert configuration. Thus, the default setting alert only on the user’s input, such as typing. If a more strict option is needed, enabling this option will scan all users’ activity, including loading and visiting pages.

Regex Word exclusions #

By typing words into this field, it would ignore words or sentences that appear in the javascript regex code. This is the expected format word1;word2;word3 each word/string separated by a semicolon.

Page keywords #

If there are words within the javascript regex code detected on the page. Page keywords are words considered afterwards. They extend the sensitivity of the alert helping you refine what needs to be detected.

For example, your javascript regex picks up the words “big foot” and using the Page keywords you look for the word “furry” or “ape”.

Each keyword can be given a weight value, you can consider this as a value of importance. If the javascript code is engaged and a detection is made, page keywords can influence whether that alert is continued and launched or terminated.

Alert trigger threshold #

Javascript regex code has a default weight value of 1. Regardless of how many words in the regex code are detected on the page the total sum weight is 1. Page keywords can have custom weight values.

You can place any custom value into this field if the regex code and the page keywords are equal or greater than an alert rule is launched.

In most cases this value is set to 1 or 2.

If set to 1, any word detected from the regex code will launch an alert.

If set to 2, regex code and atleast one word from the list of page keywords have to both be on the page.

Report matched text #

When the alert has been launched, the email notification will display the words that violated the javascript regex code and words from the page keywords.

Notification interval #

Enter the number of minutes before another email alert will be triggered for the same alert type. Imagine if the same user keeps violating the alert rule how often or frequently do you want to receive these alert emails and notifications?

Monitor on the following sites only #

Alert rules will only operate and trigger an event on the following domains. You can enter any URL whether its the entire URL or the TLD (top-level domain) name.


Site exclusions #

An alert will never trigger on the URLs you enter in this field.

End-user action #

You can decide to take some sort of actions after an alert rule is triggered and launched. You can influence the screen of the end-user.

Alert recipients #

Which people should get the information/notification once an alert rule is triggered and launched.

Screen capture #

Once an alert rule is triggerd and launched, you can take a screenshot actions which will capture the screen of the user.

Webcam capture #

Once an alert rule is triggered and launched, you can capture an image from the webcam of the device or chromebook

Conclusion #

When developing alert rules within the Shield Console, you should now have a good understanding of each settings option during the creation of the alert.