View Categories

Create and Manage Alert Rules in GAT Shield

What Are Alert Rules in GAT Shield? #

Alert Rules in GAT Shield allow Google Workspace Admins to detect and respond to risky user behaviour in real-time. These rules monitor Chrome activity and trigger alerts based on predefined actions or policy violations.

You can use Alert Rules to detect things like:

  • File downloads over a certain size

  • Access to suspicious websites

  • Extension installations

  • Inappropriate keywords in chats

  • Time spent on non-work-related websites

Once a rule is triggered, you’ll be notified by email or through GAT Shield’s dashboard.

Pre-requisite: The Shield extension must be deployed and available to users who are logged into the Google Chrome browser and have synced it into their accounts.

Types of Alert Rules Available #

You can configure a wide range of rule types to suit your security or productivity policies. These include:

  • Downloaded Files (volume, size, type)

  • Visited Sites (URL or category-based)

  • Chat Keywords (internal/external)

  • Installed/Removed Extensions

  • Incognito Mode Usage

  • Blocked or Warned Sites

  • Time Spent on Sites

  • User Sessions and Inactivity

  • Tab Focus Events

  • Custom Keywords

  • Clipboard Events

  • Device Info (OS, browser version)

Each rule type comes with customisable conditions and thresholds.

GAT Shield New Alert Rule setup window showing the 'Name & Type' step with a dropdown list of rule types, including Device, Download, Page content inspection, and Visit

How to Create a New Alert Rule #

Step 1: Access the Alert Rules Panel #

Navigate to Shield > Alerts > Rules > click on ‘+ New alert rule’

A pop-up window will be displayed to fill in the required information.

Step 1: Name & Type #

  • Enter the Rule Name

  • Select the Rule Type (e.g. Page content Inspection)

Step 2: Define the Action #

Choose what happens when the alert is triggered:

  • Show warning
  • Close
  • Close without warning
  • Redirect
  • Redirect without warning
  • No action

Warning message – Users will see this message when the alert rule is triggered. To customize the Warning message, you can use the following variables: $name will be replaced with the rule name, $text will be replaced with the visited website URL when a Visit alert rule is triggered. You can edit the message to suit your needs.

For example, you could add a contact person’s details for further assistance, or you can remove any bits of information you prefer not to share with users.

Step 3: Set Alert Severity #

When the Alert Rule is triggered, a notification is created. The severity of the notification indicates its level of importance. “Default Severity” is the value assigned to all notifications generated by this rule.

GAT Shield alert rule creation screen showing the 'Name & Type' step configured with the rule name 'Guns Alert', rule type 'Page content inspection', action set to 'Show warning', and severity set to 'Low'

GAT Shield alert rule setup screen on the 'Scope' step with scope type set to 'OU', organisational unit '/Students' selected, and 'Include sub. org. units' toggle enabled

GAT Shield alert rule setup screen on the 'Configuration' step with inspection mode set to 'Scan page content and user input', a regular expression trigger expression entered, and options for regex exclusions and page keywords

GAT Shield alert rule setup summary showing final configuration for a 'Guns Alert' rule with type 'Page content inspection', warning action, low severity, scoped to /Students, and a case-sensitive trigger expression

LIVE DEMO

Join Us for a Training Session

For customers and current trials

This website uses cookies to ensure you get the best experience on our website