GAT+ is an audit tool for Google Workspace domains, it offers many different reports for any set of data from your domain.
We also have many Alert rules that can be created.
Those alerts can notify Admins or Any user of the domain for different types of activity done by the end-users.
NOTE: The Download events relate to real user actions because when reading the docs https://support.google.
Alert rules #
Here an Admin can set up the GAT+ Alert rule and get notified when users download more than X files from your Google Drive in a 24-hour window.
In GAT+ > Configuration > Alert rules
Click on the + sign and a new window will be displayed, fill in the details.
- Name – enter a name for the alert rule
- Enabled – enable or disable the rule
- Type – select type of alert – Drive
- Scope – select what users to be affected by the alert rule
- Select User, Group, or Org. Unit of users (include Sub. OU if needed).
- Alert recipients – Enter recipient emails who will receive an email for the alert (optional) by default all alerts will be shown in GAT+ > Alerts
Pick and select the actions for which you want to be Alerted.
Alert on the number of files downloaded #
In the Alert rule – select Alert on a number of files downloaded. When the number of downloads is more than the setup number the alert will be triggered.
Exclude apps from whom downloads will not be counted. #
#
Search and select an Application from where the Alert will not count the downloads.
For example: If your users are using Google Drive for Desktop– you can exclude this app and the alert will not be triggered by downloads done by this app.
The alert will be triggered when X different files are downloaded.
Downloads counted by this alert don’t have to come from an active user. Files downloaded by third-party applications will be counted too. The user reported to have downloaded the files would be the user who authorized the application with the access.
A third-party application can have users’ credentials and do the downloads, even if the users are inactive, haven’t logged in for a while or don’t take any actions that would give them direct access to the files reported by this alert.
Result #
NOTE: The Download events relate to real user actions because when reading the docs https://support.google.
When the number of downloads is more than the setup number the alert will be triggered.
When the rule is created it can be found in the Alert rules under the configuration.
It can be viewed (eye icon), edited (pen icon), or deleted from the (x button) (4)
The Alert will be shown in the Alerts tab in GAT+.
Click on the “Toggle file list” (4) to see list of all the downloaded files.
Clikc on the “Show those files in the Drive audit” – (funnel icon) (4) to see all the files in GAT+ > Drive audit
