
Set up a Google DLP Alert on the Number of Drive Files Shared Externally


Get alerted when more than X files are shared externally in a given period of time, and better protect your domain from data leakage.

GAT+ provides many types of alerts that can be set up for the domain and the user activity in the domain.

Navigate to GAT+ > Configuration > Alert rules

Click on the + sign, and a new window will be displayed.

Fill in the details, and click Save.


  • Set up a Name for the rule.
  • Set the check mark to Enabled.
  • Set the Type to Drive.
  • Choose the Scope (of users) that will be affected by this alert rule:
    • Select a user, a group, or an org. unit of users
    • Check the box here for the entire OU tree – to address all users of an organizational unit, including users of child units
  • Select the Recipient. This can be a user or group email.

Select the checkmark for Alert on a number of files shared out (X number of files in a 24-hour period).

If you enter (1) as the number of files shared out, the alert will be triggered when (1) or more files are shared out.

  • The alert will be triggered when more than X Google documents are shared externally in 24 hours.
  • Click on Save to activate the rule.
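To make the threshold behaviour concrete, here is an added example (not GAT+ code and not part of the original page) that applies the same kind of rule to share events you might export for your own review. The record layout, the `example.com` domain, counting distinct files, the trailing 24-hour window and firing when the count reaches the threshold (following the "(1) or more" statement above) are all assumptions of this sketch.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

INTERNAL_DOMAIN = "example.com"   # assumption: your Workspace domain
WINDOW = timedelta(hours=24)      # the 24-hour period used by the rule

# Constructed sample share events: (ISO time, sharing user, file id, recipient)
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "alice@example.com", "f1", "bob@example.com"),
    ("2024-05-01T09:05:00", "alice@example.com", "f2", "x@partner.test"),
    ("2024-05-01T10:00:00", "alice@example.com", "f2", "y@partner.test"),
    ("2024-05-01T18:30:00", "alice@example.com", "f3", "x@partner.test"),
    ("2024-05-02T08:00:00", "alice@example.com", "f4", "z@other.test"),
    ("2024-05-02T12:00:00", "carol@example.com", "f9", "x@partner.test"),
    ("2024-05-03T12:00:00", "alice@example.com", "f5", "z@other.test"),
]

def is_external(recipient, internal_domain=INTERNAL_DOMAIN):
    """A recipient is external when its mail domain is not the internal one."""
    return recipient.rsplit("@", 1)[-1].lower() != internal_domain.lower()

def find_alerts(events, threshold, window=WINDOW):
    """Return (user, time, distinct_files) each time a user's count of distinct
    externally shared files in the trailing window reaches the threshold."""
    recent = defaultdict(deque)   # user -> (time, file_id) pairs inside the window
    alerting = set()              # users already alerted; re-arm once they drop below
    alerts = []
    for ts, user, file_id, recipient in sorted(events):
        if not is_external(recipient):
            continue              # internal shares never count toward the rule
        now = datetime.fromisoformat(ts)
        q = recent[user]
        q.append((now, file_id))
        while now - q[0][0] >= window:
            q.popleft()           # expire shares older than the window
        count = len({f for _, f in q})   # the same file shared twice counts once
        if count >= threshold:
            if user not in alerting:
                alerting.add(user)
                alerts.append((user, ts, count))
        else:
            alerting.discard(user)
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS, threshold=3):
        print(alert)
```

Running it against the constructed events with different thresholds shows how a low value such as 1 alerts on nearly every sharing user, which is useful when choosing X for a given scope.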

Edit the rule

Once the rule is created, it can be found under Alert rules in the configuration.

It can be viewed (eye icon), edited (pen icon), or deleted (x button).

Audit the result of the rules

When the alerts are triggered, they will be displayed in the Dashboard and the Alerts tab.

FAQ

1. What is the main purpose of setting up a Google DLP Alert for externally shared Drive files?

The primary purpose is to protect your domain from data leakage. By setting up an alert that triggers when a certain number of Google documents are shared externally within a given period, you can proactively monitor for and respond to potential security risks, whether they are accidental or malicious.

2. How do I define who is affected by the alert and who receives the notification?

You can define the scope of the rule to affect specific users, groups, or an entire organizational unit (OU). You also have the option to include all users in child OUs. For the recipient, you can choose a user or a group email address to receive the alert notifications when the rule is triggered.

3. What happens after the alert rule is created and triggered?

Once the rule is created and saved, it becomes active. If the conditions are met (e.g., more than “X” files are shared externally in 24 hours), the alert is triggered. The alerts will then be displayed in the Dashboard and the Alerts tab within the GAT+ tool, and the designated recipient will receive an email notification. You can also view, edit, or delete the rule from the “Alert rules” section under configuration.
