Display Preview in Shield Alerts

GAT Shield Alerts overview #

GAT Shield allows Google Workspace admins to create different alert rules and get notified based on the actions of users.

Alert rules are a powerful way to stay on top of your Google Workspace security.

When the alert is triggered a notification is sent to the recipient set in the rules.

On each of the alerts at the bottom, there will be options for Screen capture and Webcam capture

NOTE: The WebCam capture will ONLY work if enabled in the Google Admin Console and selected as an option in the Alert rule itself

As in this example:

Send in email, save in rule creator’s Drive and share with other alert recipients

Result when an Alert is triggered #

When the Alert is being triggered by the end-users, the Alerts are being sent via email (if option selected) and by default to Shield Alerts tab

Navigate to Shield > Audit > Shield Alerts

Alerts explorer #

In the Alerts explorer, the Admins can audit the alerts and take a few actions.

The Admin or Delegated Auditor can

  • Acknowledge page – acknowledge all the alerts on the current page
  • Acknowledge all – acknowledge all the alerts generated by the users on every page

On the right side under the Actions tab, some actions can be taken.

  • CheckmarkAcknowledge the selected Alert
  • ! mark (exclamation mark) – Update the Severity of the selected Alert
    • Low – set the severity to low
    • High – set the severity to high
  • Note icon – Show and edit Alert rule
  • Eye icon – view the Details of the Alert

The Eye icon will show all the details for the chosen Alert rule.

The Alert can be individually updated

  • Update severity
  • Acknowledge
  • Show and edit alert rule
  • Notify (GAT) about false positive alerts
  • Under the Webcam image and Screenshot, you should be able to see a preview of the document and the webcam capture
  • Selecting the links will lead to the actual pages and screen capture located in the recipient’s drive

  • Alert status – status of the alert
  • Alert severity – unknown, low, or hight
  • User – details the user such as Name and Org. Unit
  • Device – details for the device used
  • Shield extension – detail for the Shield extension

Alert as email #

The Alert rules will also be sent as Emails to the recipients.

The Admin can see the details for the Alert.

  • Alert rule
  • User
  • Page
  • Device OS
  • Public and Private IP addresses
  • Attachments
    • Webcam capture
    • Screenshot of the page where the event occurred

When any of the reports options are selected the data will be presented in the Shield alerts tab.

This website uses cookies to ensure you get the best experience on our website