Google Workspace / ChromeOS
Overview
- Vendor: Google
- Supported environment: SaaS
- Detection based on: Telemetry
- Supported application or feature: Application Logs
Google Workspace, formerly known as G Suite, is a cloud-based productivity and collaboration platform developed by Google, featuring tools like Gmail, Google Drive, and Google Docs. It allows users to create, communicate, and collaborate in real-time from any location, promoting efficient teamwork and secure file management. Complementing this, ChromeOS is a Linux-based operating system designed for Chromebooks, focusing on delivering a fast and secure user experience centered around web applications and cloud services. Together, Google Workspace and ChromeOS provide an integrated environment that enhances productivity and collaboration in the digital age.
Supported applications
This integration can collect activities from the following Google Workspace applications:
- admin: to collect activities on the Admin console
- calendar: to collect events from Google Calendar
- chat: to collect Chat activities
- drive: to supervise Google Drive events
- gcp: for the Google Cloud Platform activities
- groups: to collect Google Groups events
- groups_entreprise: to collect Enterprise groups events
- jamboard: to collect Jamboard activities
- login: to monitor authentication in Google applications
- meet: to supervise Google Meet events
- token: for authentication supervision
- user_accounts: to monitor user account activities
- keep: to supervise Google Keep activities
- vault: to collect Vault activities
- rules: to collect Rules activities
- saml: to collect SAML activities
- context_aware_access: to collect Context-aware access activities
- chrome: lists various types of Chrome Audit activity events
Limitation
A playbook can collect activities from only one application. To collect activities from several Google applications, create one playbook per application.
Configure
Prerequisites
- Google licence Enterprise standard or higher
- Access to Sekoia.io Intakes and Playbook pages with write permissions
- Administrator access to the Google Cloud console and to Google Workspace
Create a dedicated service account
To create a service account, you have to:
- Create a project
- Turn on the APIs for the service account
  a. In your project, select APIs & Services and then Library
  b. Select the Admin SDK API and click on Enable (you can type its name in the search box to find it more easily)
- Under APIs & Services, set up the OAuth consent screen
- Click on OAuth consent screen
- For User type, select Internal
- Write an App Name, a User support email and an email address for the Developer contact information
- Select the following scopes (see Choose Reports API scopes):
  https://www.googleapis.com/auth/admin.reports.audit.readonly
  https://www.googleapis.com/auth/admin.reports.usage.readonly
- Create the service account
- Under IAM & Admins, click on Service Accounts and click on Create Service Account
- Specify the Service Account details
- Click on Done (no need to Grant this service account access to project and Grant users access to this service account)
- Create a delegation
- Find your new Service Account and select Managed details
- Click on Advanced settings
- Under "Domain-wide delegation" find your service account's Client ID. Copy the client ID value to your clipboard.
- Click on View Google Workspace Admin Console, then sign in using a super administrator user account and continue following these steps.
- In the Google Admin console, go to Menu > Security > Access and data control > API controls.
- Click Manage Domain Wide Delegation.
- Click Add new.
- In the "Client ID" field, paste the client ID that you previously copied.
- In the "OAuth Scopes" field, enter a comma-delimited list of the scopes required by your application. This is the same set of scopes you defined when configuring the OAuth consent screen.
  https://www.googleapis.com/auth/admin.reports.audit.readonly,https://www.googleapis.com/auth/admin.reports.usage.readonly
- Click Authorize
For more details on each step, please read this documentation and this one about delegation.
Create and download JSON keys (service account credentials)
To use a service account from outside of Google Cloud, such as on Sekoia.io, you must first establish the identity of the service account. Public/private key pairs provide a secure way of accomplishing this goal. When you create a service account key, the public portion is stored on Google Cloud, while the private portion is available only to you.
Note
By default, service account keys never expire.
- Go to the Service accounts page
- Select your cloud project
- Click the email address of the service account that you want to create a key for
- Click the Keys tab
- Click the Add key drop-down menu, then select Create new key
- Select JSON as the Key type and click Create
Important
Clicking Create downloads a service account key file. After you download the key file, you cannot download it again. You will need it in the following steps on Sekoia.io.
Find more information in the official Google documentation.
Example of JSON key file
{
"type": "service_account",
"project_id": "PROJECT_ID",
"private_key_id": "KEY_ID",
"private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
"client_email": "SERVICE_ACCOUNT_EMAIL",
"client_id": "CLIENT_ID",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"
}
Sekoia.io configuration procedure
Create your intake
- Go to the intake page and create a new intake from the Google Report.
- Edit the intake configuration with the following attributes:
- Select the application name you want to fetch the events from
- Type a Google Workspace admin email.
- Select the
Important
- This Google Workspace admin email is the email of any user in the domain who has the right to view Google Workspace data
- If you are uncertain whether to use a super admin or admin email, make sure you have the appropriate permissions in the email for the service you are requesting. For example, if you need to access logs on Google Vault, you will need the Access all logs permission.
Important
Google Workspace events may be available in the Admin console and the Google Report API with a delay. This delay can range from a couple of minutes to several hours (see documentation). Please adjust the timedelta parameter in the configuration accordingly.
Enjoy your events on the Events page
Further readings
Raw Events Samples
In this section, you will find examples of raw logs as generated natively by the source. These examples are provided to help integrators understand the data format before ingestion into Sekoia.io. It is crucial for setting up the correct parsing stages and ensuring that all relevant information is captured.
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-11-07T14:23:22.470Z",
"uniqueQualifier": "-7203312395540000000",
"applicationName": "context_aware_access",
"customerId": "ANONYMIZED"
},
"etag": "\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ\"",
"actor": {
"callerType": "USER",
"email": "john.doe@test.com",
"profileId": "user1"
},
"ipAddress": "192.0.2.1",
"events": [
{
"type": "CONTEXT_AWARE_ACCESS_USER_EVENT",
"name": "MONITOR_MODE_ACCESS_DENY_EVENT",
"parameters": [
{
"name": "CAA_ACCESS_LEVEL_APPLIED",
"multiValue": [
"is admin-approved IOS",
"is admin-approved android",
"Is Corporate Device"
]
},
{
"name": "CAA_ACCESS_LEVEL_UNSATISFIED",
"multiValue": [
"is admin-approved android",
"Crowdstrike Compliant Device",
"is admin-approved IOS",
"Is Corporate Device"
]
},
{
"name": "CAA_APPLICATION",
"value": "GMAIL"
},
{
"name": "BLOCKED_API_ACCESS",
"multiValue": [
"GMAIL"
]
},
{
"name": "CAA_DEVICE_ID",
"value": "UNKNOWN"
},
{
"name": "CAA_DEVICE_STATE",
"value": "No Device Signals"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2025-12-01T11:00:20.545Z",
"uniqueQualifier": "-2222222222222222222",
"applicationName": "admin",
"customerId": "ANONYMIZED"
},
"etag": "\"Abc/Def\"",
"actor": {
"callerType": "USER",
"email": "john.doe@example.com",
"profileId": "111111111111111111111"
},
"ipAddress": "1.2.3.4",
"networkInfo": {
"ipAsn": [
3215
],
"regionCode": "FR",
"subdivisionCode": "FR-IDF"
},
"events": [
{
"type": "SECURITY_INVESTIGATION",
"name": "SECURITY_INVESTIGATION_CONTENT_ACCESS",
"parameters": [
{
"name": "INVESTIGATION_DATA_SOURCE",
"value": "GMAIL"
},
{
"name": "INVESTIGATION_CONTENT_ACCESS_ENTITY_ID",
"value": "(<test@example.org> jane.doe@example.net)"
},
{
"name": "INVESTIGATION_CONTENT_ACCESS_JUSTIFICATION",
"value": "https://test.atlassian.net/jira/servicedesk/projects/ALRT/queues/custom/125/ALRT-1"
},
{
"name": "INVESTIGATION_CONTENT_ACCESS_DEVICE",
"value": "REDACTED"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-03-12T14:50:56.780Z",
"uniqueQualifier": "-68755428425",
"applicationName": "admin",
"customerId": "ANONYMIZED"
},
"etag": "\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0H\"",
"actor": {
"callerType": "USER",
"email": "test@test.com",
"profileId": "user1"
},
"ipAddress": "FE80:000:333:1111:7777:5555:6666:ddd",
"events": [
{
"type": "ALERT_CENTER",
"name": "ALERT_CENTER_VIEW",
"parameters": [
{
"name": "ALERT_ID",
"value": "445831ce-36e0-44b5-aca6-0d85f7454df7,69f7ac90-44de"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-03-12T14:41:33.804Z",
"uniqueQualifier": "-4779949128172",
"applicationName": "admin",
"customerId": "ANONYMIZED"
},
"etag": "\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0\"",
"actor": {
"email": "test@test.com",
"profileId": "user1"
},
"ipAddress": "FE80:000:333:1111:7777:5555:6666:ddd",
"events": [
{
"type": "SECURITY_SETTINGS",
"name": "ALLOW_STRONG_AUTHENTICATION",
"parameters": [
{
"name": "OLD_VALUE",
"value": "INHERIT_FROM_PARENT"
},
{
"name": "NEW_VALUE",
"value": "true"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
}
]
},
{
"type": "SECURITY_SETTINGS",
"name": "ENFORCE_STRONG_AUTHENTICATION",
"parameters": [
{
"name": "OLD_VALUE",
"value": "INHERIT_FROM_PARENT"
},
{
"name": "NEW_VALUE",
"value": "true"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
}
]
},
{
"type": "SECURITY_SETTINGS",
"name": "CHANGE_TWO_STEP_VERIFICATION_FREQUENCY",
"parameters": [
{
"name": "OLD_VALUE",
"value": "INHERIT_FROM_PARENT"
},
{
"name": "NEW_VALUE",
"value": "DISABLE_USERS_TO_TRUST_DEVICE"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
}
]
},
{
"type": "SECURITY_SETTINGS",
"name": "CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION",
"parameters": [
{
"name": "OLD_VALUE",
"value": "INHERIT_FROM_PARENT"
},
{
"name": "NEW_VALUE",
"value": "1 week"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
}
]
},
{
"type": "SECURITY_SETTINGS",
"name": "CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION",
"parameters": [
{
"name": "OLD_VALUE",
"value": "INHERIT_FROM_PARENT"
},
{
"name": "NEW_VALUE",
"value": "1 day"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
}
]
},
{
"type": "SECURITY_SETTINGS",
"name": "CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS",
"parameters": [
{
"name": "ALLOWED_TWO_STEP_VERIFICATION_METHOD",
"value": "NO_TELEPHONY"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
}
]
},
{
"type": "SECURITY_SETTINGS",
"name": "CHANGE_TWO_STEP_VERIFICATION_START_DATE",
"parameters": [
{
"name": "OLD_VALUE",
"value": "INHERIT_FROM_PARENT"
},
{
"name": "NEW_VALUE",
"value": "2019-10-31"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
}
]
}
]
}
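The samples in this section share one envelope: a single activity can carry several events, each parameter stores its value under one of value, multiValue, boolValue or intValue, and the actor may have no email. The following is an added example, not Sekoia.io's parser: it flattens that envelope into one record per event and flags a few event names taken from this page. The output field names and the WATCHLIST contents are assumptions made for illustration.

```python
import json

# Constructed sample, trimmed from the activity shapes shown in this section.
SAMPLE_ACTIVITIES = json.loads(r"""
[
  {"kind": "admin#reports#activity",
   "id": {"time": "2024-03-12T14:41:33.804Z", "uniqueQualifier": "-4779949128172",
          "applicationName": "admin", "customerId": "ANONYMIZED"},
   "actor": {"email": "test@test.com", "profileId": "user1"},
   "ipAddress": "192.0.2.1",
   "events": [
     {"type": "SECURITY_SETTINGS", "name": "ENFORCE_STRONG_AUTHENTICATION",
      "parameters": [{"name": "OLD_VALUE", "value": "INHERIT_FROM_PARENT"},
                     {"name": "NEW_VALUE", "value": "true"},
                     {"name": "ORG_UNIT_NAME", "value": "IT"}]},
     {"type": "SECURITY_SETTINGS",
      "name": "CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS",
      "parameters": [{"name": "ALLOWED_TWO_STEP_VERIFICATION_METHOD",
                      "value": "NO_TELEPHONY"},
                     {"name": "ORG_UNIT_NAME", "value": "IT"}]}]},
  {"kind": "admin#reports#activity",
   "id": {"time": "2024-11-08T13:15:35.760Z", "uniqueQualifier": "-5079400007310000000",
          "applicationName": "chrome", "customerId": "ANONYMIZED"},
   "actor": {"callerType": "KEY", "key": "SYSTEM"},
   "events": [
     {"type": "DEVICE_BOOT_STATE_CHANGE_TYPE", "name": "DEVICE_BOOT_STATE_CHANGE",
      "parameters": [{"name": "TIMESTAMP", "intValue": "1731071700000"},
                     {"name": "NEW_BOOT_MODE", "value": "VERIFIED"}]}]},
  {"kind": "admin#reports#activity",
   "id": {"time": "2024-11-07T14:23:22.470Z", "uniqueQualifier": "-7203312395540000000",
          "applicationName": "context_aware_access", "customerId": "ANONYMIZED"},
   "actor": {"callerType": "USER", "email": "john.doe@test.com", "profileId": "user1"},
   "ipAddress": "192.0.2.1",
   "events": [
     {"type": "CONTEXT_AWARE_ACCESS_USER_EVENT", "name": "MONITOR_MODE_ACCESS_DENY_EVENT",
      "parameters": [{"name": "CAA_ACCESS_LEVEL_UNSATISFIED",
                      "multiValue": ["is admin-approved android", "Is Corporate Device"]},
                     {"name": "CAA_APPLICATION", "value": "GMAIL"}]}]}
]
""")

# Illustrative watchlist (an assumption): event names that appear in this page's samples.
WATCHLIST = {
    "DELETE_USER",
    "ALLOW_STRONG_AUTHENTICATION",
    "ENFORCE_STRONG_AUTHENTICATION",
    "CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS",
    "CHROMEOS_POWERWASH_INITIATED",
    "CHROME_OS_LOGIN_FAILURE_EVENT",
    "MONITOR_MODE_ACCESS_DENY_EVENT",
}

_VALUE_KEYS = ("value", "multiValue", "boolValue", "intValue")


def flatten_parameters(parameters):
    """Turn the [{name, <typed value>}] list into a plain dict."""
    flat = {}
    for param in parameters or []:
        name = param.get("name")
        if name is None:
            continue
        flat[name] = None
        for key in _VALUE_KEYS:
            if key in param:  # membership, not truthiness: boolValue may be False
                raw = param[key]
                flat[name] = int(raw) if key == "intValue" else raw
                break
    return flat


def actor_identity(actor):
    """Best available identity: email, then system key, then profileId."""
    actor = actor or {}
    return actor.get("email") or actor.get("key") or actor.get("profileId") or "unknown"


def normalize(activity):
    """Emit one flat record per entry of the activity's events array."""
    ident = activity.get("id", {})
    # Older samples on this page spell the field "uniqQualifier".
    qualifier = ident.get("uniqueQualifier") or ident.get("uniqQualifier")
    app, when = ident.get("applicationName"), ident.get("time")
    records = []
    for index, event in enumerate(activity.get("events", [])):
        records.append({
            "timestamp": when,
            "application": app,
            # Stable key so overlapping collection windows can be deduplicated.
            "dedup_key": f"{app}:{when}:{qualifier}:{index}",
            "actor": actor_identity(activity.get("actor")),
            "source_ip": activity.get("ipAddress"),
            "event_type": event.get("type"),
            "event_name": event.get("name"),
            "parameters": flatten_parameters(event.get("parameters")),
            "watchlisted": event.get("name") in WATCHLIST,
        })
    return records


def watchlist_hits(activities):
    """Return the normalized records whose event name is on the watchlist."""
    return [r for a in activities for r in normalize(a) if r["watchlisted"]]


if __name__ == "__main__":
    for hit in watchlist_hits(SAMPLE_ACTIVITIES):
        print(hit["timestamp"], hit["actor"], hit["event_name"], hit["parameters"])
```
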
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-03-13T10:25:01.859Z",
"uniqueQualifier": "-119782077599",
"applicationName": "calendar",
"customerId": "ANONYMIZED"
},
"etag": "\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z\"",
"actor": {
"email": "jane.doe@test.com",
"profileId": "user1"
},
"ownerDomain": "sekoia.io",
"ipAddress": "1.2.3.4",
"events": [
{
"type": "event_change",
"name": "change_event",
"parameters": [
{
"name": "event_id",
"value": "6qr2cujo0lkfln"
},
{
"name": "organizer_calendar_id",
"value": "jane.doe@test.com"
},
{
"name": "calendar_id",
"value": "jane.doe@test.com"
},
{
"name": "event_title",
"value": "title test"
},
{
"name": "is_recurring",
"boolValue": false
},
{
"name": "recurring",
"value": "no"
},
{
"name": "client_side_encrypted",
"value": "no"
},
{
"name": "start_time",
"intValue": "63846009000"
},
{
"name": "end_time",
"intValue": "63846010800"
},
{
"name": "api_kind",
"value": "caldav"
},
{
"name": "user_agent",
"value": "macOS/12.5"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-03-13T10:36:57.929Z",
"uniqueQualifier": "2480088525820",
"applicationName": "calendar",
"customerId": "ANONYMIZED"
},
"etag": "\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL\"",
"actor": {
"email": "john.doe@test.com",
"profileId": "user1"
},
"ownerDomain": "test.com",
"ipAddress": "192.0.2.1",
"events": [
{
"type": "event_change",
"name": "create_event",
"parameters": [
{
"name": "event_id",
"value": "fksdqs5mv613b"
},
{
"name": "organizer_calendar_id",
"value": "john.doe@test.com"
},
{
"name": "calendar_id",
"value": "jane.doe@test.com"
},
{
"name": "event_title",
"value": "Test title"
},
{
"name": "is_recurring",
"boolValue": false
},
{
"name": "recurring",
"value": "no"
},
{
"name": "client_side_encrypted",
"value": "no"
},
{
"name": "start_time",
"intValue": "63846450000"
},
{
"name": "end_time",
"intValue": "63846453600"
},
{
"name": "user_agent",
"value": "Calendly"
}
]
},
{
"type": "event_change",
"name": "add_event_guest",
"parameters": [
{
"name": "event_id",
"value": "fksdqs5mv613b"
},
{
"name": "organizer_calendar_id",
"value": "john.doe@test.com"
},
{
"name": "calendar_id",
"value": "jane.doe@test.com"
},
{
"name": "event_title",
"value": "Test title"
},
{
"name": "is_recurring",
"boolValue": false
},
{
"name": "recurring",
"value": "no"
},
{
"name": "client_side_encrypted",
"value": "no"
},
{
"name": "event_guest",
"value": "jane.doe@test.com"
},
{
"name": "user_agent",
"value": "Calendly"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-03-08T10:37:56.354Z",
"uniqueQualifier": "-75128508411076",
"applicationName": "chat",
"customerId": "ANONYMIZED"
},
"etag": "\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0H0\"",
"actor": {
"callerType": "USER",
"email": "jane.doe@test.com",
"profileId": "user1"
},
"events": [
{
"type": "user_action",
"name": "message_posted",
"parameters": [
{
"name": "room_id",
"value": "AAAAAAAAAA"
},
{
"name": "actor",
"value": "jane.doe@test.com"
},
{
"name": "message_id",
"value": "spaces/AAAApr7T222/messages/oODWFIV2CtA"
},
{
"name": "retention_state",
"value": "PERMANENT"
},
{
"name": "room_name",
"value": "Group Chat (AAAAAAAAAA)"
},
{
"name": "dlp_scan_status",
"value": "DLP_NOT_APPLICABLE"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-03-12T10:01:16.430Z",
"uniqueQualifier": "-2323518099402",
"applicationName": "chat",
"customerId": "ANONYMIZED"
},
"etag": "\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0\"",
"actor": {
"callerType": "USER",
"email": "jane.doe@test.com",
"profileId": "user1"
},
"events": [
{
"type": "user_action",
"name": "room_created",
"parameters": [
{
"name": "room_id",
"value": "AAAAAAAAA"
},
{
"name": "actor",
"value": "jane.doe@test.com"
},
{
"name": "external_room",
"value": "DISABLED"
},
{
"name": "room_name",
"value": "Group Chat (AAAAAAAAA)"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-10-15T09:11:54.000Z",
"uniqueQualifier": "8333377333333333333",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvLCfb9kD8ZfWJ2SmlhI/FB6vZhPRe0T5Zqobg\"",
"actor": {
"callerType": "USER",
"profileId": "user1"
},
"events": [
{
"type": "CHROME_OS_ADD_REMOVE_USER_TYPE",
"name": "CHROME_OS_ADD_USER",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "172800000000000"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_AFFILIATED_USER_ADDED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "redacted"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "47777777-cccc-7777-7777-f16211400000000"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-10-15T09:41:04.457Z",
"uniqueQualifier": "-419957426935000000000",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvLCfb9kD8ZfWJ2SmlhIiA/NR0JCBuKk9DM7\"",
"actor": {
"callerType": "USER",
"profileId": "user1"
},
"events": [
{
"type": "CHROMEOS_LOCK_UNLOCK_TYPE",
"name": "CHROMEOS_AFFILIATED_LOCK_SUCCESS",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "1728984444444"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_AFFILIATED_LOCK_SUCCESS"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "redacted"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-ce6b-4857-b741-f100000000000000000"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-11-08T13:15:35.760Z",
"uniqueQualifier": "-5079400007310000000",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvLCfbhIiAAGttWx4uxgdiOjzAg0/tTZpUjK2c3wFB9Uh\"",
"actor": {
"callerType": "KEY",
"key": "SYSTEM"
},
"events": [
{
"type": "DEVICE_BOOT_STATE_CHANGE_TYPE",
"name": "DEVICE_BOOT_STATE_CHANGE",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "1731071700000"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "EVENT_REASON",
"value": "CHROME_OS_VERIFIED_MODE"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "c4a7f0fa-e5d1-4a07-8f61-9eeeeeeeeeef"
},
{
"name": "DEVICE_PLATFORM",
"value": ""
},
{
"name": "PREVIOUS_BOOT_MODE",
"value": "UNKNOWN"
},
{
"name": "NEW_BOOT_MODE",
"value": "VERIFIED"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-10-21T13:47:41.000Z",
"uniqueQualifier": "-41312380982470000000",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvLCfb9kD84uxgdiOjzAg0/ydpRq7PE6Sq81YCdl1\"",
"actor": {
"callerType": "USER",
"email": "redacted",
"profileId": "user1"
},
"events": [
{
"type": "CHROME_OS_CRD_CLIENT_CONNECTED_TYPE",
"name": "CHROME_OS_CRD_CLIENT_CONNECTED",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "17290000000"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_CRD_CLIENT_CONNECTED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "Admin"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "CONNECTION_TYPE",
"value": "RELAY"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.58.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "0f9e7f45-b777-4777-b777-c214388888888"
},
{
"name": "SESSION_ID",
"value": "joedoe@test.fr/chromoting_ftl_d2cd9895-eeee-5555-0000-00040059755"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-10-21T13:48:12.000Z",
"uniqueQualifier": "389668566663666666613",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvLCfb9kDttWx4uxgdiOjzAg0/k9WnQIxoNvYgDlcL8\"",
"actor": {
"callerType": "USER",
"email": "redacted",
"profileId": "user1"
},
"events": [
{
"type": "CHROME_OS_CRD_CLIENT_DISCONNECTED_TYPE",
"name": "CHROME_OS_CRD_CLIENT_DISCONNECTED",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "1729518000000"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_CRD_CLIENT_DISCONNECTED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "Admin"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.58.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "0f9e7f45-7777-7777-7777-c21438884dc5"
},
{
"name": "SESSION_ID",
"value": "joeDoe@test.fr/chromoting_ftl_dddd9999-eeee-5555-0000-55555555555"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-10-21T13:48:12.000Z",
"uniqueQualifier": "-3822400088800088888",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvLCfb9kD8ZfWxgdiOjzAg0/ND9YlWuFYJrufwljQI\"",
"actor": {
"callerType": "USER",
"email": "redacted",
"profileId": "user1"
},
"events": [
{
"type": "CHROME_OS_CRD_HOST_ENDED_TYPE",
"name": "CHROME_OS_CRD_HOST_ENDED",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "17292222222000"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_CRD_HOST_ENDED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "Admin"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.58.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "0f9e7f45-b777-4777-b777-c21438e84dc5"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-10-21T13:47:27.000Z",
"uniqueQualifier": "6345555777799998888",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvLCfb9kDttWx4uxgdiOjzAg0/4hGqeNXoNQepbYGE\"",
"actor": {
"callerType": "USER",
"email": "redacted",
"profileId": "user1"
},
"events": [
{
"type": "CHROME_OS_CRD_HOST_STARTED_TYPE",
"name": "CHROME_OS_CRD_HOST_STARTED",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "1724444440000"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_CRD_HOST_STARTED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "Admin"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.58.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "0f9e7f45-b187-4444-7777-c23338884555"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-11-08T13:20:40.000Z",
"uniqueQualifier": "-2392455694764444444444",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi\"",
"actor": {
"callerType": "USER",
"profileId": "user1"
},
"events": [
{
"type": "CHROME_OS_LOGIN_LOGOUT_TYPE",
"name": "CHROME_OS_LOGIN_EVENT",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "1731072040000"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_KIOSK_SESSION_LOGIN"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "-"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16033.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-ce6b-4857"
},
{
"name": "ORG_UNIT_NAME",
"value": "test_org"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-11-05T11:58:46.000Z",
"uniqueQualifier": "5756634282037777777777",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvLCfb9kD8ZfWJ2Smlh/sS5BbT29sC\"",
"actor": {
"callerType": "USER",
"profileId": "user1"
},
"events": [
{
"type": "CHROME_OS_LOGIN_LOGOUT_TYPE",
"name": "CHROME_OS_LOGIN_FAILURE_EVENT",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "1730800000000"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_AFFILIATED_LOGIN"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "redacted"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16033.43.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "cbc28748-a199-47c1-b483-000000000000000000"
},
{
"name": "LOGIN_FAILURE_REASON",
"value": "AUTHENTICATION_ERROR"
},
{
"name": "ORG_UNIT_NAME",
"value": "Microsoft"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-10-15T09:00:38.000Z",
"uniqueQualifier": "-1434962671000000000000",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvLCfb9kD8ZfWJ2SmlhIiAAG/lzqsleRu67H0HaxvdOJ\"",
"actor": {
"callerType": "USER",
"profileId": "user1"
},
"events": [
{
"type": "CHROME_OS_LOGIN_LOGOUT_TYPE",
"name": "CHROME_OS_LOGOUT_EVENT",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "1728900000000"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_AFFILIATED_LOGOUT"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "redacted"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-ce6b-4857-b741-f0000000000000000"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-10-11T15:56:35.651Z",
"uniqueQualifier": "2420143888886666888",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvLCfb9AGttWx4uxgdiOjzAg0/qXWA2OAs3YpjtVNEo9y\"",
"actor": {
"callerType": "USER",
"email": "redacted",
"profileId": "user1"
},
"events": [
{
"type": "CHROMEOS_PERIPHERAL_ADDED_TYPE",
"name": "CHROMEOS_PERIPHERAL_ADDED",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "122222225555"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_PERIPHERAL_ADDED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "redacted"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.44.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc7777-cccc-8888-7777-f16211111111b"
},
{
"name": "PRODUCT_ID",
"value": "222234"
},
{
"name": "PRODUCT_NAME",
"value": "USB2.0 FHD UVC WebCam"
},
{
"name": "VENDOR_ID",
"value": "0x222e"
},
{
"name": "VENDOR_NAME",
"value": "Sonix Technology Co., Ltd."
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-10-11T15:56:35.351Z",
"uniqueQualifier": "2649444888333333335",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvAGttWx4uxgdiOjzAg0/DWFo8d88e_z7nQYg\"",
"actor": {
"callerType": "USER",
"email": "redacted",
"profileId": "user1"
},
"events": [
{
"type": "CHROMEOS_PERIPHERAL_REMOVED_TYPE",
"name": "CHROMEOS_PERIPHERAL_REMOVED",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "1728662555333"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_PERIPHERAL_REMOVED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "redacted"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.44.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-cccc-5555-7777-f1111122227b"
},
{
"name": "PRODUCT_ID",
"value": "0x2222"
},
{
"name": "PRODUCT_NAME",
"value": ""
},
{
"name": "VENDOR_ID",
"value": "0x2222"
},
{
"name": "VENDOR_NAME",
"value": ""
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-11-08T13:17:42.050Z",
"uniqueQualifier": "8215000000000000000",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"M7TKrOH_7SmMcgNyv3m2zF\"",
"actor": {
"callerType": "USER",
"profileId": "user1"
},
"events": [
{
"type": "CHROMEOS_PERIPHERAL_STATUS_UPDATED_TYPE",
"name": "CHROMEOS_PERIPHERAL_STATUS_UPDATED",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "1731071860000"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_PERIPHERAL_STATUS_UPDATED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16033.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-ce6b-4857"
},
{
"name": "ORG_UNIT_NAME",
"value": "test_org"
},
{
"name": "PRODUCT_ID",
"value": "0x2"
},
{
"name": "PRODUCT_NAME",
"value": "2.0 root hub"
},
{
"name": "VENDOR_ID",
"value": "0x1ddd"
},
{
"name": "VENDOR_NAME",
"value": "Linux Foundation"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-10-15T09:09:42.884Z",
"uniqueQualifier": "436275460544100000000",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvLCfbtWx4uxgdiOjzAg0/175l0NK2JBeAcg\"",
"actor": {
"callerType": "USER",
"profileId": "user1"
},
"events": [
{
"type": "CHROMEOS_POWERWASH_TYPE",
"name": "CHROMEOS_POWERWASH_INITIATED",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "172898338222222"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_POWERWASH_INITIATED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "-"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-ce6b-4857-b741-f1621111111111111"
},
{
"name": "REMOTE_REQUESTED",
"value": "requested"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-10-15T09:31:16.000Z",
"uniqueQualifier": "-378806042057000000000000",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvLCfb9kD8ZfWJ2Sml/mtgJ4U_Y-rfHYQ\"",
"actor": {
"callerType": "USER",
"profileId": "user1"
},
"events": [
{
"type": "CHROME_OS_ADD_REMOVE_USER_TYPE",
"name": "CHROME_OS_REMOVE_USER",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "1728900000000"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_UNAFFILIATED_USER_REMOVED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "-"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-6666-7777-7777-3333333333333"
},
{
"name": "REMOVE_USER_REASON",
"value": "LOCAL_USER_INITIATED"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-10-14T09:17:57.384Z",
"uniqueQualifier": "68200096415770000",
"applicationName": "chrome",
"customerId": "ANONYMIZED"
},
"etag": "\"vj4PvLCfiAAGttWx4uxgdiOjzAg0/bTMQuHA7m4d1RjZ8u\"",
"actor": {
"callerType": "USER",
"profileId": "user1"
},
"events": [
{
"type": "CHROMEOS_UPDATE_TYPE",
"name": "CHROMEOS_UPDATE_SUCCESS",
"parameters": [
{
"name": "TIMESTAMP",
"intValue": "7778897477777"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_UPDATE_SUCCESS"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "-"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "CURRENT_OS_VERSION",
"value": "16002.51.0"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.44.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-ce6b-4857-b0000-f00000000000"
},
{
"name": "PREVIOUS_OS_VERSION",
"value": "16002.44.0"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2025-03-18T13:32:31.497Z",
"uniqueQualifier": "-6347820133480887822",
"applicationName": "admin",
"customerId": "ANONYMIZED"
},
"etag": "\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ\"",
"actor": {
"callerType": "USER",
"email": "johndoe@example.com",
"profileId": "user1"
},
"ipAddress": "1.2.3.4",
"events": [
{
"type": "USER_SETTINGS",
"name": "DELETE_USER",
"parameters": [
{
"name": "USER_EMAIL",
"value": "janedoe@example.com"
}
]
}
]
}
{
"kind": "audit#activity",
"id": {
"time": "2014-03-17T15:39:18.460Z",
"uniqQualifier": "reports unique ID",
"applicationName": "drive",
"customerId": "ANONYMIZED"
},
"actor": {
"callerType": "USER",
"email": "johndoe@example.com",
"profileId": "user1",
"key": "consumer key of requestor in an OAuth 2LO request"
},
"ownerDomain": "domain of the source owner",
"ipAddress": "1.2.3.4",
"events": [
{
"type": "access",
"name": "edit",
"parameters": [
{
"name": "primary_event",
"boolValue": true
},
{
"name": "billable",
"boolValue": true
},
{
"name": "owner_is_shared_drive",
"boolValue": true
},
{
"name": "owner_team_drive_id",
"value": "AAAAAALLLLLL"
},
{
"name": "owner",
"value": "RH "
},
{
"name": "doc_id",
"value": "5555763535"
},
{
"name": "doc_type",
"value": "folder"
},
{
"name": "is_encrypted",
"boolValue": false
},
{
"name": "doc_title",
"value": "Divers"
},
{
"name": "visibility",
"value": "shared_internally"
},
{
"name": "shared_drive_id",
"value": "112-EIUBHDIUBEBUD"
},
{
"name": "originating_app_id",
"value": "691301496089"
},
{
"name": "actor_is_collaborator_account",
"boolValue": false
},
{
"name": "owner_is_team_drive",
"boolValue": true
},
{
"name": "team_drive_id",
"value": "111-EIUBHDIUBEBUD"
}
]
}
]
}
{
"kind": "audit#activity",
"id": {
"time": "2014-03-17T15:39:18.460Z",
"uniqQualifier": "reports unique ID",
"applicationName": "drive",
"customerId": "ANONYMIZED"
},
"actor": {
"callerType": "USER",
"email": "johndoe@example.com",
"profileId": "user1",
"key": "consumer key of requestor in an OAuth 2LO request"
},
"ownerDomain": "domain of the source owner",
"ipAddress": "1.2.3.4",
"events": [
{
"type": "access",
"name": "edit",
"parameters": [
{
"name": "primary_event",
"boolValue": true
},
{
"name": "owner_is_shared_drive",
"boolValue": false
},
{
"name": "doc_id",
"value": "1DWuYM3ot_sAyEQqOz0xWJ9bVMSYzOmRNeBqbgtSwuK8"
},
{
"name": "doc_title",
"value": "Meeting notes"
},
{
"name": "doc_type",
"value": "document"
},
{
"name": "owner",
"value": "mary@example.com"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2025-02-18T17:10:20.317Z",
"uniqueQualifier": "-12345678",
"applicationName": "drive",
"customerId": "ANONYMIZED"
},
"etag": "\"ABCDEF123\"",
"actor": {
"email": "",
"profileId": "105250506097979753968"
},
"events": [
{
"type": "access",
"name": "sheets_import_range",
"parameters": [
{
"name": "primary_event",
"boolValue": true
},
{
"name": "billable",
"boolValue": false
},
{
"name": "sheets_import_range_recipient_doc",
"value": "123qwerty456"
},
{
"name": "owner_is_shared_drive",
"boolValue": true
},
{
"name": "owner_team_drive_id",
"value": "asdf678"
},
{
"name": "owner",
"value": "johndoe"
},
{
"name": "doc_id",
"value": "zxcv890"
},
{
"name": "doc_type",
"value": "spreadsheet"
},
{
"name": "is_encrypted",
"boolValue": false
},
{
"name": "doc_title",
"value": "TPS report"
},
{
"name": "visibility",
"value": "people_with_link"
},
{
"name": "shared_drive_id",
"value": "asdf678"
},
{
"name": "actor_is_collaborator_account",
"boolValue": false
},
{
"name": "owner_is_team_drive",
"boolValue": true
},
{
"name": "team_drive_id",
"value": "asdf678"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2025-12-08T07:12:18.897Z",
"uniqueQualifier": "-2222222222222222222",
"applicationName": "drive",
"customerId": "ANONYMIZED"
},
"etag": "\"Abc/Def\"",
"actor": {
"email": "john.doe@example.com",
"profileId": "111111111111111111111"
},
"events": [
{
"type": "access",
"name": "label_field_changed",
"parameters": [
{
"name": "label",
"value": "labels/A1B2C3@83"
},
{
"name": "label_title",
"value": "Classification"
},
{
"name": "reason",
"value": "user_action"
},
{
"name": "field_id",
"value": "ABCD1234"
},
{
"name": "field",
"value": "Classification"
},
{
"name": "new_value",
"multiValue": [
"C0 Public"
]
},
{
"name": "old_value",
"multiValue": [
"C1 Restricted"
]
},
{
"name": "new_value_id",
"multiValue": [
"DEF123"
]
},
{
"name": "old_value_id",
"multiValue": [
"TEST123"
]
},
{
"name": "new_field_value",
"multiValue": [
"DEF123"
]
},
{
"name": "old_field_value",
"multiValue": [
"TEST123"
]
},
{
"name": "primary_event",
"boolValue": true
},
{
"name": "owner_is_shared_drive",
"boolValue": false
},
{
"name": "owner",
"value": "john.doe@example.com"
},
{
"name": "doc_id",
"value": "DOCUMENTID"
},
{
"name": "doc_type",
"value": "spreadsheet"
},
{
"name": "is_encrypted",
"boolValue": false
},
{
"name": "doc_title",
"value": "tps report"
},
{
"name": "visibility",
"value": "private"
},
{
"name": "actor_is_collaborator_account",
"boolValue": false
},
{
"name": "owner_is_team_drive",
"boolValue": false
}
],
"resourceIds": [
"DOCUMENTID"
]
}
],
"resourceDetails": [
{
"id": "DOCUMENTID",
"title": "tps report",
"type": "DRIVE_ITEM",
"relation": "DRIVE_PRIMARY",
"appliedLabels": [
{
"id": "ANONYMIZED",
"title": "Classification",
"reason": {
"reasonType": "USER_APPLIED"
},
"fieldValues": [
{
"id": "ABCD1234",
"displayName": "Classification",
"type": "SELECTION",
"selectionValue": {
"id": "DEF123",
"displayName": "C0 Public",
"badged": true
},
"reason": {
"reasonType": "USER_APPLIED"
}
}
]
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2023-09-04T08:42:51.615Z",
"uniqueQualifier": "-2222222222222222222",
"applicationName": "drive",
"customerId": "111111111"
},
"actor": {
"email": "john.doe@example.org",
"profileId": "444444444444444444444"
},
"ipAddress": "1.2.3.4",
"events": [
{
"type": "access",
"name": "view",
"parameters": [
{
"name": "primary_event",
"boolValue": true
},
{
"name": "billable",
"boolValue": true
},
{
"name": "owner_is_shared_drive",
"boolValue": true
},
{
"name": "owner_team_drive_id",
"value": "DDD_111111111111111"
},
{
"name": "owner",
"value": "J.DOE"
},
{
"name": "doc_id",
"value": "333333333333333333333333333333333"
},
{
"name": "doc_type",
"value": "folder"
},
{
"name": "is_encrypted",
"boolValue": false
},
{
"name": "doc_title",
"value": "MyDocs"
},
{
"name": "visibility",
"value": "people_within_domain_with_link"
},
{
"name": "shared_drive_id",
"value": "DDD_222222222222222"
},
{
"name": "originating_app_id",
"value": "666666666666"
},
{
"name": "actor_is_collaborator_account",
"boolValue": false
},
{
"name": "owner_is_team_drive",
"boolValue": true
},
{
"name": "team_drive_id",
"value": "DDD_888888888888888"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-11-14T12:07:37.366Z",
"uniqueQualifier": "-3853857772415670247",
"applicationName": "meet",
"customerId": "ANONYMIZED"
},
"etag": "\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ/t2tqco4M6QzgpdeZHhmJy_6yJUU\"",
"actor": {
"callerType": "KEY",
"key": "HANGOUTS_EXTERNAL_OR_ANONYMOUS"
},
"events": [
{
"type": "call",
"name": "call_ended",
"parameters": [
{
"name": "video_send_seconds",
"intValue": "173"
},
{
"name": "screencast_recv_bitrate_kbps_mean",
"intValue": "61"
},
{
"name": "location_country",
"value": "FR"
},
{
"name": "identifier_type",
"value": "device_id"
},
{
"name": "audio_send_bitrate_kbps_mean",
"intValue": "0"
},
{
"name": "video_send_packet_loss_max",
"intValue": "2"
},
{
"name": "endpoint_id",
"value": "boq_hlane_QGKxiQcCZvF"
},
{
"name": "device_type",
"value": "meet_hardware"
},
{
"name": "video_send_packet_loss_mean",
"intValue": "0"
},
{
"name": "screencast_recv_long_side_median_pixels",
"intValue": "1568"
},
{
"name": "calendar_event_id",
"value": "3ckjqg60dq5j4eu9cgjtdb396c"
},
{
"name": "screencast_send_seconds",
"intValue": "0"
},
{
"name": "video_send_fps_mean",
"intValue": "30"
},
{
"name": "audio_send_packet_loss_max",
"intValue": "0"
},
{
"name": "network_send_jitter_msec_mean",
"intValue": "1"
},
{
"name": "screencast_recv_fps_mean",
"intValue": "29"
},
{
"name": "audio_recv_seconds",
"intValue": "33"
},
{
"name": "network_congestion",
"intValue": "0"
},
{
"name": "network_estimated_download_kbps_mean",
"intValue": "74"
},
{
"name": "audio_send_packet_loss_mean",
"intValue": "0"
},
{
"name": "network_transport_protocol",
"value": "udp"
},
{
"name": "duration_seconds",
"intValue": "15317"
},
{
"name": "video_send_bitrate_kbps_mean",
"intValue": "19"
},
{
"name": "identifier",
"value": "644e7990-c69d-4e09-8cd2-6ae52406c21c"
},
{
"name": "location_region",
"value": "Paris"
},
{
"name": "audio_recv_packet_loss_max",
"intValue": "0"
},
{
"name": "audio_recv_packet_loss_mean",
"intValue": "0"
},
{
"name": "network_recv_jitter_msec_max",
"intValue": "2"
},
{
"name": "organizer_email",
"value": "redacted"
},
{
"name": "screencast_recv_short_side_median_pixels",
"intValue": "980"
},
{
"name": "is_external",
"boolValue": false
},
{
"name": "network_recv_jitter_msec_mean",
"intValue": "1"
},
{
"name": "ip_address",
"value": "1.2.3.4"
},
{
"name": "audio_send_seconds",
"intValue": "15316"
},
{
"name": "display_name",
"value": "OLYMPUS (Paris-106T, 8)"
},
{
"name": "screencast_recv_packet_loss_max",
"intValue": "0"
},
{
"name": "video_recv_seconds",
"intValue": "0"
},
{
"name": "network_rtt_msec_mean",
"intValue": "8"
},
{
"name": "video_send_long_side_median_pixels",
"intValue": "320"
},
{
"name": "screencast_recv_packet_loss_mean",
"intValue": "0"
},
{
"name": "conference_id",
"value": "rJ7fsV2IE2eFwTlTZ88tDxIQOAIIigIgABgDCA"
},
{
"name": "screencast_recv_seconds",
"intValue": "14874"
},
{
"name": "product_type",
"value": "meet"
},
{
"name": "network_estimated_upload_kbps_mean",
"intValue": "7"
},
{
"name": "video_send_short_side_median_pixels",
"intValue": "180"
},
{
"name": "meeting_code",
"value": "ABCDEFGHIJ"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-11-14T11:32:12.301Z",
"uniqueQualifier": "-6765941919309710661",
"applicationName": "meet",
"customerId": "ANONYMIZED"
},
"etag": "\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ/kViPYXKeNuJj3LiW54AIt7GLiR4\"",
"actor": {
"callerType": "KEY",
"key": "HANGOUTS_EXTERNAL_OR_ANONYMOUS"
},
"events": [
{
"type": "call",
"name": "call_ended",
"parameters": [
{
"name": "video_send_seconds",
"intValue": "725"
},
{
"name": "audio_send_bitrate_kbps_mean",
"intValue": "13"
},
{
"name": "video_send_packet_loss_max",
"intValue": "0"
},
{
"name": "endpoint_id",
"value": "boq_hlane_UJtqXZcvBo3"
},
{
"name": "device_type",
"value": "web"
},
{
"name": "video_send_packet_loss_mean",
"intValue": "0"
},
{
"name": "video_recv_long_side_median_pixels",
"intValue": "480"
},
{
"name": "calendar_event_id",
"value": "6cm94j8lp55a9880oj2o0rb3e6"
},
{
"name": "screencast_send_seconds",
"intValue": "0"
},
{
"name": "video_send_fps_mean",
"intValue": "30"
},
{
"name": "audio_send_packet_loss_max",
"intValue": "0"
},
{
"name": "video_recv_short_side_median_pixels",
"intValue": "270"
},
{
"name": "video_recv_packet_loss_mean",
"intValue": "0"
},
{
"name": "network_send_jitter_msec_mean",
"intValue": "1"
},
{
"name": "audio_recv_seconds",
"intValue": "3647"
},
{
"name": "network_congestion",
"intValue": "0"
},
{
"name": "network_estimated_download_kbps_mean",
"intValue": "1158"
},
{
"name": "audio_send_packet_loss_mean",
"intValue": "0"
},
{
"name": "network_transport_protocol",
"value": "tcp"
},
{
"name": "duration_seconds",
"intValue": "3651"
},
{
"name": "video_send_bitrate_kbps_mean",
"intValue": "375"
},
{
"name": "audio_recv_packet_loss_max",
"intValue": "9"
},
{
"name": "video_recv_fps_mean",
"intValue": "23"
},
{
"name": "audio_recv_packet_loss_mean",
"intValue": "0"
},
{
"name": "network_recv_jitter_msec_max",
"intValue": "98"
},
{
"name": "organizer_email",
"value": "redacted"
},
{
"name": "is_external",
"boolValue": true
},
{
"name": "network_recv_jitter_msec_mean",
"intValue": "3"
},
{
"name": "audio_send_seconds",
"intValue": "3647"
},
{
"name": "display_name",
"value": "Yuki"
},
{
"name": "video_recv_seconds",
"intValue": "3638"
},
{
"name": "network_rtt_msec_mean",
"intValue": "11"
},
{
"name": "video_send_long_side_median_pixels",
"intValue": "480"
},
{
"name": "conference_id",
"value": "aSABpyKZtlKN_wqM98PaDxIXOAIIigIgABgDCA"
},
{
"name": "screencast_recv_seconds",
"intValue": "3627"
},
{
"name": "product_type",
"value": "meet"
},
{
"name": "network_estimated_upload_kbps_mean",
"intValue": "105"
},
{
"name": "video_send_short_side_median_pixels",
"intValue": "270"
},
{
"name": "video_recv_packet_loss_max",
"intValue": "0"
},
{
"name": "meeting_code",
"value": "BUSOHGFTVB"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2025-02-18T16:00:24.311Z",
"uniqueQualifier": "-123456",
"applicationName": "groups_enterprise",
"customerId": "ANONYMIZED"
},
"etag": "\"ABCDEF123\"",
"actor": {
"callerType": "KEY",
"key": "SYSTEM"
},
"events": [
{
"type": "moderator_action",
"name": "remove_user",
"parameters": [
{
"name": "member_id",
"value": "john.doe@example.com"
},
{
"name": "group_id",
"value": "team@example.com"
},
{
"name": "member_type",
"value": "user"
}
]
},
{
"type": "moderator_action",
"name": "remove_member",
"parameters": [
{
"name": "member_id",
"value": "john.doe@example.com"
},
{
"name": "group_id",
"value": "team@example.com"
},
{
"name": "member_type",
"value": "user"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-03-11T15:20:33.157Z",
"uniqueQualifier": "-92180609786",
"applicationName": "groups_enterprise",
"customerId": "ANONYMIZED"
},
"etag": "\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL\"",
"actor": {
"callerType": "USER",
"email": "jane.doe@test.com",
"profileId": "user1"
},
"events": [
{
"type": "moderator_action",
"name": "delete_group",
"parameters": [
{
"name": "group_id",
"value": "testgroup@test.com"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-03-13T11:02:40.037Z",
"uniqueQualifier": "235176017661",
"applicationName": "meet",
"customerId": "ANONYMIZED"
},
"etag": "\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL\"",
"actor": {
"callerType": "USER",
"email": "jane.doe@test.com",
"profileId": "user1"
},
"events": [
{
"type": "call",
"name": "call_ended",
"parameters": [
{
"name": "video_send_seconds",
"intValue": "0"
},
{
"name": "location_country",
"value": "FR"
},
{
"name": "identifier_type",
"value": "email_address"
},
{
"name": "endpoint_id",
"value": "dSzi5ZfqD8I"
},
{
"name": "device_type",
"value": "web"
},
{
"name": "screencast_send_packet_loss_mean",
"intValue": "0"
},
{
"name": "calendar_event_id",
"value": "glb41ldt739tcf0bun7p9htaqr"
},
{
"name": "screencast_send_seconds",
"intValue": "83"
},
{
"name": "screencast_send_short_side_median_pixels",
"intValue": "1080"
},
{
"name": "screencast_send_packet_loss_max",
"intValue": "1"
},
{
"name": "screencast_send_fps_mean",
"intValue": "29"
},
{
"name": "audio_recv_seconds",
"intValue": "0"
},
{
"name": "network_congestion",
"intValue": "0"
},
{
"name": "network_estimated_download_kbps_mean",
"intValue": "1"
},
{
"name": "network_transport_protocol",
"value": "udp"
},
{
"name": "duration_seconds",
"intValue": "1498"
},
{
"name": "identifier",
"value": "jane.doe@test.com"
},
{
"name": "location_region",
"value": "Argenteuil"
},
{
"name": "screencast_send_bitrate_kbps_mean",
"intValue": "791"
},
{
"name": "organizer_email",
"value": "jane.doe@test.com"
},
{
"name": "ip_address",
"value": "192.0.2.1"
},
{
"name": "audio_send_seconds",
"intValue": "0"
},
{
"name": "display_name",
"value": "Test SEGLA"
},
{
"name": "video_recv_seconds",
"intValue": "0"
},
{
"name": "screencast_send_long_side_median_pixels",
"intValue": "1920"
},
{
"name": "network_rtt_msec_mean",
"intValue": "12"
},
{
"name": "conference_id",
"value": "SQEGZkIp70zCVuvX_PtXDxI"
},
{
"name": "screencast_recv_seconds",
"intValue": "0"
},
{
"name": "product_type",
"value": "meet"
},
{
"name": "network_estimated_upload_kbps_mean",
"intValue": "0"
},
{
"name": "meeting_code",
"value": "GMGSZDDDDD"
},
{
"name": "is_external",
"boolValue": false
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-03-13T10:31:23.630Z",
"uniqueQualifier": "47501654195",
"applicationName": "meet",
"customerId": "ANONYMIZED"
},
"etag": "\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL\"",
"actor": {
"callerType": "USER",
"email": "jane.doe@test.com",
"profileId": "user1"
},
"events": [
{
"type": "conference_action",
"name": "presentation_started",
"parameters": [
{
"name": "is_external",
"boolValue": false
},
{
"name": "meeting_code",
"value": "BWXXZYNUUU"
},
{
"name": "conference_id",
"value": "iVYNZWWtL3-mwtWyAGIeDxIWOAkI"
},
{
"name": "action_time",
"value": "2024-03-13T10:31:23.630220Z"
},
{
"name": "identifier",
"value": "jane.doe@test.com"
},
{
"name": "identifier_type",
"value": "email_address"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2025-08-12T06:27:17.877Z",
"uniqueQualifier": "id-1",
"applicationName": "login",
"customerId": "ANONYMIZED"
},
"etag": "\"etag-placeholder\"",
"actor": {
"callerType": "USER",
"email": "user1@example.com",
"profileId": "user1"
},
"ipAddress": "192.0.2.20",
"networkInfo": {
"ipAsn": [
12345
],
"regionCode": "XX",
"subdivisionCode": "XX-YYY"
},
"events": [
{
"type": "blocked_sender_change",
"name": "blocked_sender",
"parameters": [
{
"name": "affected_email_address",
"value": "noreply@example.org"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-11-07T14:21:46.270Z",
"uniqueQualifier": "233165468629800000000",
"applicationName": "rules",
"customerId": "ANONYMIZED"
},
"etag": "\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ\"",
"actor": {
"email": "john.doe@test.com",
"profileId": "user1"
},
"events": [
{
"type": "action_complete_type",
"name": "action_complete",
"parameters": [
{
"name": "data_source",
"value": "DRIVE"
},
{
"name": "resource_id",
"value": "1K23Am8JmHL9vgGwUjUPaq0000000"
},
{
"name": "resource_owner_email",
"value": "john.doe@test.com"
},
{
"name": "rule_resource_name",
"value": "policies/aka00000000000"
},
{
"name": "rule_name",
"value": "DLP [Drive] - D\u00e9tecter le partage de International - Num\u00e9ro IBAN"
},
{
"name": "rule_type",
"value": "DLP"
},
{
"name": "matched_detectors",
"multiMessageValue": [
{
"parameter": [
{
"name": "detector_id",
"value": "IBAN_CODE"
},
{
"name": "detector_type",
"value": "PREDEFINED_DLP"
},
{
"name": "display_name",
"value": "IBAN_CODE"
}
]
}
]
},
{
"name": "triggered_actions",
"multiMessageValue": [
{
"parameter": [
{
"name": "action_type",
"value": "DRIVE_WARN_ON_EXTERNAL_SHARING"
}
]
}
]
},
{
"name": "resource_recipients",
"multiValue": [
"john.doe@test.com"
]
},
{
"name": "scan_type",
"value": "DRIVE_ONLINE_SCAN"
},
{
"name": "matched_trigger",
"value": "DRIVE_SHARE"
},
{
"name": "severity",
"value": "LOW"
},
{
"name": "resource_type",
"value": "DOCUMENT"
},
{
"name": "resource_title",
"value": "8157822-2024-11-7-15-21-0"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-11-07T14:21:46.270Z",
"uniqueQualifier": "-49907177521610000000",
"applicationName": "rules",
"customerId": "ANONYMIZED"
},
"etag": "\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ/\"",
"actor": {
"email": "john.doe@test.com",
"profileId": "user1"
},
"events": [
{
"type": "content_matched_type",
"name": "content_matched",
"parameters": [
{
"name": "data_source",
"value": "DRIVE"
},
{
"name": "resource_id",
"value": "1K23Am8JmHL9vgGwUjUPaqDZV"
},
{
"name": "resource_owner_email",
"value": "john.doe@test.com"
},
{
"name": "rule_resource_name",
"value": "policies/aka000000000"
},
{
"name": "rule_name",
"value": "DLP [Drive] - D\u00e9tecter le partage de International - Num\u00e9ro IBAN"
},
{
"name": "rule_type",
"value": "DLP"
},
{
"name": "matched_detectors",
"multiMessageValue": [
{
"parameter": [
{
"name": "detector_id",
"value": "IBAN_CODE"
},
{
"name": "detector_type",
"value": "PREDEFINED_DLP"
},
{
"name": "display_name",
"value": "IBAN_CODE"
}
]
}
]
},
{
"name": "triggered_actions",
"multiMessageValue": [
{
"parameter": [
{
"name": "action_type",
"value": "DRIVE_WARN_ON_EXTERNAL_SHARING"
}
]
}
]
},
{
"name": "resource_recipients",
"multiValue": [
"john.doe@test.com"
]
},
{
"name": "scan_type",
"value": "DRIVE_ONLINE_SCAN"
},
{
"name": "severity",
"value": "LOW"
},
{
"name": "resource_type",
"value": "DOCUMENT"
},
{
"name": "resource_title",
"value": "8157822-2024-11-7-15-21-0"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-11-07T14:26:15.515Z",
"uniqueQualifier": "4091348940000000",
"applicationName": "saml",
"customerId": "ANONYMIZED"
},
"etag": "\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ\"",
"actor": {
"email": "John.doe@test.com",
"profileId": "user1"
},
"ipAddress": "192.0.2.1",
"events": [
{
"type": "login",
"name": "login_success",
"parameters": [
{
"name": "orgunit_path",
"value": "/test/implementation"
},
{
"name": "initiated_by",
"value": "sp"
},
{
"name": "application_name",
"value": "AWS"
},
{
"name": "saml_status_code",
"value": "SUCCESS_URI"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-11-07T14:24:58.191Z",
"uniqueQualifier": "-318965716033600000",
"applicationName": "saml",
"customerId": "ANONYMIZED"
},
"etag": "\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ\"",
"actor": {
"email": "John.doe@test.com",
"profileId": "user1"
},
"ipAddress": "192.0.2.1",
"events": [
{
"type": "login",
"name": "login_success",
"parameters": [
{
"name": "orgunit_path",
"value": "/test/dev"
},
{
"name": "initiated_by",
"value": "sp"
},
{
"name": "application_name",
"value": "AWS Client VPN"
},
{
"name": "saml_status_code",
"value": "SUCCESS_URI"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-07-09T14:05:42.528Z",
"uniqueQualifier": "0123456789101112131",
"applicationName": "admin",
"customerId": "ANONYMIZED"
},
"etag": "BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0",
"actor": {
"callerType": "USER",
"email": "john.doe@example.net",
"profileId": "user1"
},
"ipAddress": "1.2.3.4",
"events": [
{
"type": "USER_SETTINGS",
"name": "SUSPEND_USER",
"parameters": [
{
"name": "USER_EMAIL",
"value": "jdoe@example.net"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-01-17T11:09:39.840Z",
"uniqueQualifier": "111111",
"applicationName": "drive",
"customerId": "ANONYMIZED"
},
"etag": "aaa-aaa/aaa",
"actor": {
"email": "johndoe@test.com",
"profileId": "11111"
},
"ipAddress": "0.0.0.0",
"events": [
{
"type": "access",
"name": "edit",
"parameters": [
{
"name": "primary_event",
"boolValue": false
},
{
"name": "billable",
"boolValue": true
},
{
"name": "owner_is_shared_drive",
"boolValue": false
},
{
"name": "owner",
"value": "owner@test.com"
},
{
"name": "doc_id",
"value": "1111111111"
},
{
"name": "doc_type",
"value": "document"
},
{
"name": "is_encrypted",
"boolValue": false
},
{
"name": "doc_title",
"value": "Doc Temp"
},
{
"name": "visibility",
"value": "shared_externally"
},
{
"name": "originating_app_id",
"value": "111111"
},
{
"name": "actor_is_collaborator_account",
"boolValue": false
},
{
"name": "owner_is_team_drive",
"boolValue": false
}
]
},
{
"type": "acl_change",
"name": "change_user_access",
"parameters": [
{
"name": "primary_event",
"boolValue": true
},
{
"name": "billable",
"boolValue": true
},
{
"name": "visibility_change",
"value": "external"
},
{
"name": "target_user",
"value": "redacted"
},
{
"name": "old_value",
"multiValue": [
"none"
]
},
{
"name": "new_value",
"multiValue": [
"can_edit"
]
},
{
"name": "old_visibility",
"value": "shared_internally"
},
{
"name": "owner_is_shared_drive",
"boolValue": false
},
{
"name": "owner",
"value": "owner@test.com"
},
{
"name": "doc_id",
"value": "11111"
},
{
"name": "doc_type",
"value": "document"
},
{
"name": "is_encrypted",
"boolValue": false
},
{
"name": "doc_title",
"value": "Doc Temp"
},
{
"name": "visibility",
"value": "shared_externally"
},
{
"name": "originating_app_id",
"value": "11111"
},
{
"name": "actor_is_collaborator_account",
"boolValue": false
},
{
"name": "owner_is_team_drive",
"boolValue": false
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-03-13T11:24:59.810Z",
"uniqueQualifier": "515960775816012389",
"applicationName": "token",
"customerId": "ANONYMIZED"
},
"etag": "\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0H\"",
"actor": {
"email": "JOHN.DOE@test.com",
"profileId": "user1"
},
"ipAddress": "1.2.3.4",
"events": [
{
"name": "authorize",
"parameters": [
{
"name": "client_id",
"value": "user1"
},
{
"name": "app_name",
"value": "Test Log Workspace"
},
{
"name": "client_type",
"value": "WEB"
},
{
"name": "scope_data",
"multiMessageValue": [
{
"parameter": [
{
"name": "scope_name",
"value": "https://www.googleapis.com/auth/admin.reports.audit.readonly"
},
{
"name": "product_bucket",
"multiValue": [
"GSUITE_ADMIN"
]
}
]
},
{
"parameter": [
{
"name": "scope_name",
"value": "https://www.googleapis.com/auth/admin.reports.usage.readonly"
},
{
"name": "product_bucket",
"multiValue": [
"GSUITE_ADMIN"
]
}
]
}
]
},
{
"name": "scope",
"multiValue": [
"https://www.googleapis.com/auth/admin.reports.audit.readonly",
"https://www.googleapis.com/auth/admin.reports.usage.readonly"
]
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-03-13T11:25:23.391Z",
"uniqueQualifier": "-38605878274",
"applicationName": "token",
"customerId": "ANONYMIZED"
},
"etag": "\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0H0/t\"",
"actor": {
"email": "JOHN.DOE@test.com",
"profileId": "user1"
},
"ipAddress": "1.1.1.1",
"events": [
{
"type": "auth",
"name": "activity",
"parameters": [
{
"name": "api_name",
"value": "admin"
},
{
"name": "method_name",
"value": "reports.activities.list"
},
{
"name": "client_id",
"value": "user1"
},
{
"name": "num_response_bytes",
"intValue": "7"
},
{
"name": "product_bucket",
"value": "GSUITE_ADMIN"
},
{
"name": "app_name",
"value": "Test Log Workspace"
},
{
"name": "client_type",
"value": "WEB"
}
]
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2026-01-06T11:21:54.304Z",
"uniqueQualifier": "-123456",
"applicationName": "user_accounts",
"customerId": "REDACTED"
},
"etag": "\"abc\"",
"actor": {
"callerType": "USER",
"email": "john.doe@example.com",
"profileId": "REDACTED"
},
"ipAddress": "FE80:000:333:1111:7777:5555:6666:ddd",
"networkInfo": {
"ipAsn": [
12345
],
"regionCode": "FR",
"subdivisionCode": "FR-HDF"
},
"events": [
{
"type": "email_forwarding_change",
"name": "email_forwarding_out_of_domain",
"parameters": [
{
"name": "email_forwarding_destination_address",
"value": "jane.doe@example.net"
}
],
"resourceIds": [
"RESOURCE_ID1"
]
}
],
"resourceDetails": [
{
"id": "RESOURCE_ID1",
"type": "USER"
}
]
}
{
"kind": "admin#reports#activity",
"id": {
"time": "2024-10-24T12:15:09.887Z",
"uniqueQualifier": "38392508037850000000",
"applicationName": "vault",
"customerId": "ANONYMIZED"
},
"etag": "\"v9u8pSCZPl3C66fdSWYRyXweF216RQ7SWqFaenjlgO0/aMkDQ5g3000000000000000000000\"",
"actor": {
"callerType": "USER",
"email": "redacted",
"profileId": "user1"
},
"events": [
{
"type": "user_action",
"name": "view_cross_matter_litigation_hold_report"
}
]
}
Detection section
The following section provides information for those who wish to learn more about the detection capabilities enabled by collecting this intake. It includes details about the built-in rule catalog, event categories, and ECS fields extracted from raw events. This is essential for users aiming to create custom detection rules, perform hunting activities, or pivot in the events page.
Related Built-in Rules
The following Sekoia.io built-in rules match the intake Google Workspace / ChromeOS. This documentation is updated automatically and is based solely on the fields used by the intake, which are checked against our rules. This means that some rules will be listed but might not be relevant to the intake.
SEKOIA.IO x Google Workspace / ChromeOS on ATT&CK Navigator
Advanced IP Scanner
Detects the use of Advanced IP Scanner. Seems to be a popular tool for ransomware groups.
- Effort: master
Certify Or Certipy
Detects the use of certify and certipy which are two different tools used to enumerate and abuse Active Directory Certificate Services.
- Effort: advanced
Cobalt Strike Default Beacons Names
Detects the default names of Cobalt Strike beacons / payloads.
- Effort: intermediate
Credential Dump Tools Related Files
Detects processes or file names related to credential dumping tools and the dropped files they generate by default.
- Effort: advanced
Cryptomining
Detection of domain names potentially related to cryptomining activities.
- Effort: master
Dynamic DNS Contacted
Detects communication with a dynamic DNS domain. This kind of domain is often used by attackers. This rule can trigger false positives in non-controlled environments because dynamic DNS is not always malicious.
- Effort: master
Exfiltration Domain
Detects traffic toward a domain flagged as a possible exfiltration vector.
- Effort: master
Google Workspace Account Warning
Detects a suspicious login, leaked password, or account disabled following suspicious activity.
- Effort: elementary
Google Workspace Admin Creation
Detects when an admin is created or when his role is changed.
- Effort: master
Google Workspace Admin Deletion
Detects when an admin is deleted or when his role is unassigned.
- Effort: master
Google Workspace Admin Modification
Detects when an admin is modified.
- Effort: master
Google Workspace App Script Scheduled Task
Detects when a scheduled task is launched by Google App Script. This product is used to create scripts and integrate applications within Google Workspace.
- Effort: advanced
Google Workspace Blocked Sender
Detects when a user is blocked by Google Workspace.
- Effort: advanced
Google Workspace Bypass 2FA
Detects when a user tries to bypass 2FA.
- Effort: master
Google Workspace Domain Delegation
Detects when a domain delegation is granted.
- Effort: master
Google Workspace Email Forwarding
Detects when a user enables email forwarding out of the domain.
- Effort: advanced
Google Workspace External Sharing
Detects a large number of external sharing events.
- Effort: master
Google Workspace Login Brute-Force
Detects when a user fails to log in multiple times before a successful login.
- Effort: master
Google Workspace MFA changed
Detects when the settings for the MFA are modified.
- Effort: master
Google Workspace Password Change
Detects when a password is changed. An attacker can perform this action to impact the availability of the account.
- Effort: master
Google Workspace User Creation
Detects when a new user is created.
- Effort: master
Google Workspace User Deletion
Detects when a user is deleted.
- Effort: master
Google Workspace User Suspended
Detects when a user is suspended. An attacker can use this to remove an account used during the intrusion.
- Effort: master
HTA Infection Chains
Detects the creation of a ZIP file and an HTA file, as this is often used in infection chains. It also detects the use of suspicious processes launched by explorer.exe combined with the creation of an HTA file, since this is also often used in infection chains (LNK - HTA for instance).
- Effort: advanced
HTML Smuggling Suspicious Usage
Based on several samples from different botnets, this rule aims at detecting HTML infection chain by looking for HTML created files followed by suspicious files being executed.
- Effort: advanced
HackTools Suspicious Names
Quick-win rule to detect the default process names or file names of several HackTools.
- Effort: advanced
ISO LNK Infection Chain
Detection of an ISO (or any other similar archive file) downloaded file, followed by a child-process of explorer, which is characteristic of an infection using an ISO containing an LNK file. For events with host.name.
- Effort: master
Internet Scanner
Detects known scanner IP addresses. An alert is only raised when the scan hits an open port, on TCP or UDP. This could be a very noisy rule, so be careful to check your detection perimeter before activation.
- Effort: master
Internet Scanner Target
Detects known scanner IP addresses. An alert is only raised when the scan hits an open port, on TCP or UDP, and alerts are grouped by target address. This could be a very noisy rule, so be careful to check your detection perimeter before activation.
- Effort: master
PasswordDump SecurityXploded Tool
Detects the execution of the PasswordDump SecurityXploded Tool.
- Effort: elementary
RTLO Character
Detects RTLO (Right-To-Left character) in file and process names.
- Effort: elementary
Remote Access Tool Domain
Detects traffic toward a domain flagged as a Remote Administration Tool (RAT).
- Effort: master
Remote Monitoring and Management Software - AnyDesk
Detect artifacts related to the installation or execution of the Remote Monitoring and Management tool AnyDesk.
- Effort: master
SEKOIA.IO Intelligence Feed
Detect threats based on indicators of compromise (IOCs) collected by SEKOIA's Threat and Detection Research team.
- Effort: elementary
Sekoia.io EICAR Detection
Detects observables in Sekoia.io CTI tagged as EICAR, which are fake samples meant to test detection.
- Effort: master
Sign-In Via Known AiTM Phishing Kit
Detects a sign-in attempt from an IP address belonging to a known adversary-in-the-middle phishing kit.
- Effort: elementary
Suspicious File Name
Detects suspicious file name possibly linked to malicious tool.
- Effort: advanced
Suspicious PROCEXP152.sys File Created In Tmp
Detects the creation of the PROCEXP152.sys file in the application-data local temporary folder. This driver is used by Sysinternals Process Explorer but also by KDU (https://github.com/hfiref0x/KDU) or Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU. Note: clever attackers may easily bypass this detection by just renaming the driver file. The rule is therefore only Medium-level; don't rely on it.
- Effort: advanced
TOR Usage Generic Rule
Detects TOR usage globally, whether the IP is a destination or a source. TOR is short for The Onion Router, and it gets its name from how it works. TOR intercepts the network traffic from one or more apps on the user's computer, usually the web browser, and shuffles it through a number of randomly chosen computers before passing it on to its destination. This disguises the user's location and makes it harder for servers to pick the user out on repeat visits or to tie together separate visits to different sites, thus making tracking and surveillance more difficult. Before a network packet starts its journey, the user's computer chooses a random list of relays and repeatedly encrypts the data in multiple layers, like an onion. Each relay knows only enough to strip off the outermost layer of encryption before passing what is left on to the next relay in the list.
- Effort: master
WCE wceaux.dll Creation
Detects wceaux.dll creation while Windows Credentials Editor (WCE) is executed.
- Effort: intermediate
ZIP LNK Infection Chain
Detects a ZIP download followed by a child process of explorer, followed by multiple Windows processes. This is widely used as an infection chain mechanism.
- Effort: advanced
Event Categories
The following table lists the data sources offered by this integration.
| Data Source | Description |
|---|---|
| GCP audit logs | Google Cloud Audit contains logs from multiple Google Cloud sources such as Google Workspace. |
In detail, the following table lists the types of events produced by this integration.
| Name | Values |
|---|---|
| Kind | `` |
| Category | authentication, configuration, file, host, iam, session |
| Type | access, admin, allowed, change, connection, creation, deletion, denied, end, info, start |
Transformed Events Samples after Ingestion
This section demonstrates how the raw logs will be transformed by our parsers. It shows the extracted fields that will be available for use in the built-in detection rules and hunting activities in the events page. Understanding these transformations is essential for analysts to create effective detection mechanisms with custom detection rules and to leverage the full potential of the collected data.
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-11-07T14:23:22.470Z\",\"uniqueQualifier\":\"-7203312395540000000\",\"applicationName\":\"context_aware_access\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"john.doe@test.com\",\"profileId\":\"user1\"},\"ipAddress\":\"192.0.2.1\",\"events\":[{\"type\":\"CONTEXT_AWARE_ACCESS_USER_EVENT\",\"name\":\"MONITOR_MODE_ACCESS_DENY_EVENT\",\"parameters\":[{\"name\":\"CAA_ACCESS_LEVEL_APPLIED\",\"multiValue\":[\"is admin-approved IOS\",\"is admin-approved android\",\"Is Corporate Device\"]},{\"name\":\"CAA_ACCESS_LEVEL_UNSATISFIED\",\"multiValue\":[\"is admin-approved android\",\"Crowdstrike Compliant Device\",\"is admin-approved IOS\",\"Is Corporate Device\"]},{\"name\":\"CAA_APPLICATION\",\"value\":\"GMAIL\"},{\"name\":\"BLOCKED_API_ACCESS\",\"multiValue\":[\"GMAIL\"]},{\"name\":\"CAA_DEVICE_ID\",\"value\":\"UNKNOWN\"},{\"name\":\"CAA_DEVICE_STATE\",\"value\":\"No Device Signals\"}]}]}",
"event": {
"action": "MONITOR_MODE_ACCESS_DENY_EVENT",
"dataset": "admin#reports#activity",
"type": [
"denied"
]
},
"@timestamp": "2024-11-07T14:23:22.470000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"access": {
"application": "GMAIL"
},
"actor": {
"email": "john.doe@test.com"
},
"events": [
{
"name": "MONITOR_MODE_ACCESS_DENY_EVENT",
"type": "CONTEXT_AWARE_ACCESS_USER_EVENT"
}
],
"parameters_all": [
{
"multiValue": [
"is admin-approved IOS",
"is admin-approved android",
"Is Corporate Device"
],
"name": "CAA_ACCESS_LEVEL_APPLIED"
},
{
"multiValue": [
"is admin-approved android",
"Crowdstrike Compliant Device",
"is admin-approved IOS",
"Is Corporate Device"
],
"name": "CAA_ACCESS_LEVEL_UNSATISFIED"
},
{
"name": "CAA_APPLICATION",
"value": "GMAIL"
},
{
"multiValue": [
"GMAIL"
],
"name": "BLOCKED_API_ACCESS"
},
{
"name": "CAA_DEVICE_ID",
"value": "UNKNOWN"
},
{
"name": "CAA_DEVICE_STATE",
"value": "No Device Signals"
}
]
}
},
"network": {
"application": "context_aware_access"
},
"related": {
"ip": [
"192.0.2.1"
],
"user": [
"john.doe"
]
},
"source": {
"address": "192.0.2.1",
"ip": "192.0.2.1"
},
"user": {
"domain": "test.com",
"email": "john.doe@test.com",
"id": "user1",
"name": "john.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2025-12-01T11:00:20.545Z\",\"uniqueQualifier\":\"-2222222222222222222\",\"applicationName\":\"admin\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"Abc/Def\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"john.doe@example.com\",\"profileId\":\"111111111111111111111\"},\"ipAddress\":\"1.2.3.4\",\"networkInfo\":{\"ipAsn\":[3215],\"regionCode\":\"FR\",\"subdivisionCode\":\"FR-IDF\"},\"events\":[{\"type\":\"SECURITY_INVESTIGATION\",\"name\":\"SECURITY_INVESTIGATION_CONTENT_ACCESS\",\"parameters\":[{\"name\":\"INVESTIGATION_DATA_SOURCE\",\"value\":\"GMAIL\"},{\"name\":\"INVESTIGATION_CONTENT_ACCESS_ENTITY_ID\",\"value\":\"(<test@example.org> jane.doe@example.net)\"},{\"name\":\"INVESTIGATION_CONTENT_ACCESS_JUSTIFICATION\",\"value\":\"https://test.atlassian.net/jira/servicedesk/projects/ALRT/queues/custom/125/ALRT-1\"},{\"name\":\"INVESTIGATION_CONTENT_ACCESS_DEVICE\",\"value\":\"REDACTED\"}]}]}",
"event": {
"action": "SECURITY_INVESTIGATION_CONTENT_ACCESS",
"category": [
"configuration"
],
"dataset": "admin#reports#activity",
"type": []
},
"@timestamp": "2025-12-01T11:00:20.545000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "john.doe@example.com"
},
"events": [
{
"name": "SECURITY_INVESTIGATION_CONTENT_ACCESS",
"type": "SECURITY_INVESTIGATION"
}
],
"parameters_all": [
{
"name": "INVESTIGATION_DATA_SOURCE",
"value": "GMAIL"
},
{
"name": "INVESTIGATION_CONTENT_ACCESS_ENTITY_ID",
"value": "(<test@example.org> jane.doe@example.net)"
},
{
"name": "INVESTIGATION_CONTENT_ACCESS_JUSTIFICATION",
"value": "https://test.atlassian.net/jira/servicedesk/projects/ALRT/queues/custom/125/ALRT-1"
},
{
"name": "INVESTIGATION_CONTENT_ACCESS_DEVICE",
"value": "REDACTED"
}
],
"rule": {
"data_source": "GMAIL"
}
}
},
"network": {
"application": "admin"
},
"related": {
"ip": [
"1.2.3.4"
],
"user": [
"john.doe"
]
},
"source": {
"address": "1.2.3.4",
"ip": "1.2.3.4"
},
"user": {
"domain": "example.com",
"email": "john.doe@example.com",
"id": "111111111111111111111",
"name": "john.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-03-12T14:50:56.780Z\",\"uniqueQualifier\":\"-68755428425\",\"applicationName\":\"admin\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0H\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"test@test.com\",\"profileId\":\"user1\"},\"ipAddress\":\"FE80:000:333:1111:7777:5555:6666:ddd\",\"events\":[{\"type\":\"ALERT_CENTER\",\"name\":\"ALERT_CENTER_VIEW\",\"parameters\":[{\"name\":\"ALERT_ID\",\"value\":\"445831ce-36e0-44b5-aca6-0d85f7454df7,69f7ac90-44de\"}]}]}",
"event": {
"action": "ALERT_CENTER_VIEW",
"category": [
"configuration"
],
"dataset": "admin#reports#activity",
"type": [
"info"
]
},
"@timestamp": "2024-03-12T14:50:56.780000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "test@test.com"
},
"events": [
{
"name": "ALERT_CENTER_VIEW",
"type": "ALERT_CENTER"
}
],
"parameters_all": [
{
"name": "ALERT_ID",
"value": "445831ce-36e0-44b5-aca6-0d85f7454df7,69f7ac90-44de"
}
]
}
},
"network": {
"application": "admin"
},
"related": {
"ip": [
"fe80:0:333:1111:7777:5555:6666:ddd"
],
"user": [
"test"
]
},
"source": {
"address": "fe80:0:333:1111:7777:5555:6666:ddd",
"ip": "fe80:0:333:1111:7777:5555:6666:ddd"
},
"user": {
"domain": "test.com",
"email": "test@test.com",
"id": "user1",
"name": "test"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-03-12T14:41:33.804Z\",\"uniqueQualifier\":\"-4779949128172\",\"applicationName\":\"admin\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0\\\"\",\"actor\":{\"email\":\"test@test.com\",\"profileId\":\"user1\"},\"ipAddress\":\"FE80:000:333:1111:7777:5555:6666:ddd\",\"events\":[{\"type\":\"SECURITY_SETTINGS\",\"name\":\"ALLOW_STRONG_AUTHENTICATION\",\"parameters\":[{\"name\":\"OLD_VALUE\",\"value\":\"INHERIT_FROM_PARENT\"},{\"name\":\"NEW_VALUE\",\"value\":\"true\"},{\"name\":\"ORG_UNIT_NAME\",\"value\":\"IT\"}]},{\"type\":\"SECURITY_SETTINGS\",\"name\":\"ENFORCE_STRONG_AUTHENTICATION\",\"parameters\":[{\"name\":\"OLD_VALUE\",\"value\":\"INHERIT_FROM_PARENT\"},{\"name\":\"NEW_VALUE\",\"value\":\"true\"},{\"name\":\"ORG_UNIT_NAME\",\"value\":\"IT\"}]},{\"type\":\"SECURITY_SETTINGS\",\"name\":\"CHANGE_TWO_STEP_VERIFICATION_FREQUENCY\",\"parameters\":[{\"name\":\"OLD_VALUE\",\"value\":\"INHERIT_FROM_PARENT\"},{\"name\":\"NEW_VALUE\",\"value\":\"DISABLE_USERS_TO_TRUST_DEVICE\"},{\"name\":\"ORG_UNIT_NAME\",\"value\":\"IT\"}]},{\"type\":\"SECURITY_SETTINGS\",\"name\":\"CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION\",\"parameters\":[{\"name\":\"OLD_VALUE\",\"value\":\"INHERIT_FROM_PARENT\"},{\"name\":\"NEW_VALUE\",\"value\":\"1 week\"},{\"name\":\"ORG_UNIT_NAME\",\"value\":\"IT\"}]},{\"type\":\"SECURITY_SETTINGS\",\"name\":\"CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION\",\"parameters\":[{\"name\":\"OLD_VALUE\",\"value\":\"INHERIT_FROM_PARENT\"},{\"name\":\"NEW_VALUE\",\"value\":\"1 day\"},{\"name\":\"ORG_UNIT_NAME\",\"value\":\"IT\"}]},{\"type\":\"SECURITY_SETTINGS\",\"name\":\"CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS\",\"parameters\":[{\"name\":\"ALLOWED_TWO_STEP_VERIFICATION_METHOD\",\"value\":\"NO_TELEPHONY\"},{\"name\":\"ORG_UNIT_NAME\",\"value\":\"IT\"}]},{\"type\":\"SECURITY_SETTINGS\",\"name\":\"CHANGE_TWO_STEP_VERIFICATION_START_DATE\",\"parameters\":[{\"name\":\"OLD_VALUE\",\"value\":\"INHERIT_FROM_PARENT\"},{\"name\":\"NEW_VALUE\",\"value\":\"2019-10-31\"},{\"name\":\"ORG_UNIT_NAME\",\"value\":\"IT\"}]}]}",
"event": {
"action": [
"ALLOW_STRONG_AUTHENTICATION",
"CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS",
"CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION",
"CHANGE_TWO_STEP_VERIFICATION_FREQUENCY",
"CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION",
"CHANGE_TWO_STEP_VERIFICATION_START_DATE",
"ENFORCE_STRONG_AUTHENTICATION"
],
"category": [
"configuration"
],
"dataset": "admin#reports#activity",
"type": [
"access",
"change"
]
},
"@timestamp": "2024-03-12T14:41:33.804000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "test@test.com"
},
"events": [
{
"name": "ALLOW_STRONG_AUTHENTICATION",
"type": "SECURITY_SETTINGS"
},
{
"name": "ENFORCE_STRONG_AUTHENTICATION",
"type": "SECURITY_SETTINGS"
},
{
"name": "CHANGE_TWO_STEP_VERIFICATION_FREQUENCY",
"type": "SECURITY_SETTINGS"
},
{
"name": "CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION",
"type": "SECURITY_SETTINGS"
},
{
"name": "CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION",
"type": "SECURITY_SETTINGS"
},
{
"name": "CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS",
"type": "SECURITY_SETTINGS"
},
{
"name": "CHANGE_TWO_STEP_VERIFICATION_START_DATE",
"type": "SECURITY_SETTINGS"
}
],
"parameters_all": [
{
"name": "OLD_VALUE",
"value": "INHERIT_FROM_PARENT"
},
{
"name": "NEW_VALUE",
"value": "true"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
},
{
"name": "OLD_VALUE",
"value": "INHERIT_FROM_PARENT"
},
{
"name": "NEW_VALUE",
"value": "true"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
},
{
"name": "OLD_VALUE",
"value": "INHERIT_FROM_PARENT"
},
{
"name": "NEW_VALUE",
"value": "DISABLE_USERS_TO_TRUST_DEVICE"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
},
{
"name": "OLD_VALUE",
"value": "INHERIT_FROM_PARENT"
},
{
"name": "NEW_VALUE",
"value": "1 week"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
},
{
"name": "OLD_VALUE",
"value": "INHERIT_FROM_PARENT"
},
{
"name": "NEW_VALUE",
"value": "1 day"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
},
{
"name": "ALLOWED_TWO_STEP_VERIFICATION_METHOD",
"value": "NO_TELEPHONY"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
},
{
"name": "OLD_VALUE",
"value": "INHERIT_FROM_PARENT"
},
{
"name": "NEW_VALUE",
"value": "2019-10-31"
},
{
"name": "ORG_UNIT_NAME",
"value": "IT"
}
]
}
},
"network": {
"application": "admin"
},
"related": {
"ip": [
"fe80:0:333:1111:7777:5555:6666:ddd"
],
"user": [
"test"
]
},
"source": {
"address": "fe80:0:333:1111:7777:5555:6666:ddd",
"ip": "fe80:0:333:1111:7777:5555:6666:ddd"
},
"user": {
"domain": "test.com",
"email": "test@test.com",
"id": "user1",
"name": "test"
}
}
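In the sample above, `google.report.parameters_all` concatenates the parameters of every event in the activity and `event.action` is a sorted list, so a given `NEW_VALUE` can no longer be tied to the setting it belongs to. The following added example (not Sekoia.io's parser; the function names and the constructed activity are assumptions) re-parses the raw `message` field to recover the per-event pairing that a custom rule or hunt on security-setting changes needs.

```python
import json

# Constructed activity shaped like the SECURITY_SETTINGS sample above; the IP
# address is a documentation placeholder.
RAW_ACTIVITY = {
    "kind": "admin#reports#activity",
    "id": {"time": "2024-03-12T14:41:33.804Z", "applicationName": "admin",
           "customerId": "ANONYMIZED"},
    "actor": {"email": "test@test.com", "profileId": "user1"},
    "ipAddress": "192.0.2.1",
    "events": [
        {"type": "SECURITY_SETTINGS", "name": "ENFORCE_STRONG_AUTHENTICATION",
         "parameters": [
             {"name": "OLD_VALUE", "value": "INHERIT_FROM_PARENT"},
             {"name": "NEW_VALUE", "value": "true"},
             {"name": "ORG_UNIT_NAME", "value": "IT"}]},
        {"type": "SECURITY_SETTINGS",
         "name": "CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION",
         "parameters": [
             {"name": "OLD_VALUE", "value": "INHERIT_FROM_PARENT"},
             {"name": "NEW_VALUE", "value": "1 day"},
             {"name": "ORG_UNIT_NAME", "value": "IT"}]},
        {"type": "SECURITY_SETTINGS",
         "name": "CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS",
         "parameters": [
             {"name": "ALLOWED_TWO_STEP_VERIFICATION_METHOD", "value": "NO_TELEPHONY"},
             {"name": "ORG_UNIT_NAME", "value": "IT"}]},
    ],
}

# Only the `message` field of the stored event is needed here.
STORED_EVENT = {"message": json.dumps(RAW_ACTIVITY)}

# Value keys that appear in the samples on this page.
VALUE_KEYS = ("value", "multiValue", "boolValue", "intValue")
# Parameters that get their own column in the result of setting_changes().
KNOWN = ("OLD_VALUE", "NEW_VALUE", "ORG_UNIT_NAME")


def param_value(param):
    """Return the typed value of one parameter, or None if it carries none."""
    for key in VALUE_KEYS:
        if key in param:  # membership test, so a boolValue of False survives
            return param[key]
    return None


def flattened_parameters(stored_event):
    """Rebuild the parameters_all shape: one list across all events."""
    activity = json.loads(stored_event["message"])
    return [p for ev in activity.get("events", [])
            for p in ev.get("parameters", [])]


def events_with_parameters(stored_event):
    """Return one record per event, each with its own parameters."""
    activity = json.loads(stored_event["message"])
    records = []
    for ev in activity.get("events", []):
        records.append({
            "time": activity.get("id", {}).get("time"),
            "actor": activity.get("actor", {}).get("email"),
            "source_ip": activity.get("ipAddress"),
            "type": ev.get("type"),
            "name": ev.get("name"),
            "parameters": {p["name"]: param_value(p)
                           for p in ev.get("parameters", [])},
        })
    return records


def setting_changes(stored_event, event_type="SECURITY_SETTINGS"):
    """List old/new values per setting for events of the given type."""
    changes = []
    for rec in events_with_parameters(stored_event):
        if rec["type"] != event_type:
            continue
        params = rec["parameters"]
        changes.append({
            "setting": rec["name"],
            "actor": rec["actor"],
            "org_unit": params.get("ORG_UNIT_NAME"),
            "old": params.get("OLD_VALUE"),
            "new": params.get("NEW_VALUE"),
            # Settings such as the allowed-methods change carry no OLD/NEW pair.
            "other": {k: v for k, v in params.items() if k not in KNOWN},
        })
    return changes


if __name__ == "__main__":
    for change in setting_changes(STORED_EVENT):
        print(change)
```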
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-03-13T10:25:01.859Z\",\"uniqueQualifier\":\"-119782077599\",\"applicationName\":\"calendar\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z\\\"\",\"actor\":{\"email\":\"jane.doe@test.com\",\"profileId\":\"user1\"},\"ownerDomain\":\"sekoia.io\",\"ipAddress\":\"1.2.3.4\",\"events\":[{\"type\":\"event_change\",\"name\":\"change_event\",\"parameters\":[{\"name\":\"event_id\",\"value\":\"6qr2cujo0lkfln\"},{\"name\":\"organizer_calendar_id\",\"value\":\"jane.doe@test.com\"},{\"name\":\"calendar_id\",\"value\":\"jane.doe@test.com\"},{\"name\":\"event_title\",\"value\":\"title test\"},{\"name\":\"is_recurring\",\"boolValue\":false},{\"name\":\"recurring\",\"value\":\"no\"},{\"name\":\"client_side_encrypted\",\"value\":\"no\"},{\"name\":\"start_time\",\"intValue\":\"63846009000\"},{\"name\":\"end_time\",\"intValue\":\"63846010800\"},{\"name\":\"api_kind\",\"value\":\"caldav\"},{\"name\":\"user_agent\",\"value\":\"macOS/12.5\"}]}]}",
"event": {
"action": "change_event",
"category": [
"configuration"
],
"dataset": "admin#reports#activity",
"type": [
"change"
]
},
"@timestamp": "2024-03-13T10:25:01.859000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "jane.doe@test.com"
},
"events": [
{
"name": "change_event",
"type": "event_change"
}
],
"parameters_all": [
{
"name": "event_id",
"value": "6qr2cujo0lkfln"
},
{
"name": "organizer_calendar_id",
"value": "jane.doe@test.com"
},
{
"name": "calendar_id",
"value": "jane.doe@test.com"
},
{
"name": "event_title",
"value": "title test"
},
{
"boolValue": false,
"name": "is_recurring"
},
{
"name": "recurring",
"value": "no"
},
{
"name": "client_side_encrypted",
"value": "no"
},
{
"intValue": "63846009000",
"name": "start_time"
},
{
"intValue": "63846010800",
"name": "end_time"
},
{
"name": "api_kind",
"value": "caldav"
},
{
"name": "user_agent",
"value": "macOS/12.5"
}
]
}
},
"network": {
"application": "calendar"
},
"related": {
"ip": [
"1.2.3.4"
],
"user": [
"jane.doe"
]
},
"source": {
"address": "1.2.3.4",
"ip": "1.2.3.4"
},
"user": {
"domain": "test.com",
"email": "jane.doe@test.com",
"id": "user1",
"name": "jane.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-03-13T10:36:57.929Z\",\"uniqueQualifier\":\"2480088525820\",\"applicationName\":\"calendar\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL\\\"\",\"actor\":{\"email\":\"john.doe@test.com\",\"profileId\":\"user1\"},\"ownerDomain\":\"test.com\",\"ipAddress\":\"192.0.2.1\",\"events\":[{\"type\":\"event_change\",\"name\":\"create_event\",\"parameters\":[{\"name\":\"event_id\",\"value\":\"fksdqs5mv613b\"},{\"name\":\"organizer_calendar_id\",\"value\":\"john.doe@test.com\"},{\"name\":\"calendar_id\",\"value\":\"jane.doe@test.com\"},{\"name\":\"event_title\",\"value\":\"Test title\"},{\"name\":\"is_recurring\",\"boolValue\":false},{\"name\":\"recurring\",\"value\":\"no\"},{\"name\":\"client_side_encrypted\",\"value\":\"no\"},{\"name\":\"start_time\",\"intValue\":\"63846450000\"},{\"name\":\"end_time\",\"intValue\":\"63846453600\"},{\"name\":\"user_agent\",\"value\":\"Calendly\"}]},{\"type\":\"event_change\",\"name\":\"add_event_guest\",\"parameters\":[{\"name\":\"event_id\",\"value\":\"fksdqs5mv613b\"},{\"name\":\"organizer_calendar_id\",\"value\":\"john.doe@test.com\"},{\"name\":\"calendar_id\",\"value\":\"jane.doe@test.com\"},{\"name\":\"event_title\",\"value\":\"Test title\"},{\"name\":\"is_recurring\",\"boolValue\":false},{\"name\":\"recurring\",\"value\":\"no\"},{\"name\":\"client_side_encrypted\",\"value\":\"no\"},{\"name\":\"event_guest\",\"value\":\"jane.doe@test.com\"},{\"name\":\"user_agent\",\"value\":\"Calendly\"}]}]}",
"event": {
"action": [
"add_event_guest",
"create_event"
],
"category": [
"configuration"
],
"dataset": "admin#reports#activity",
"type": [
"change",
"creation"
]
},
"@timestamp": "2024-03-13T10:36:57.929000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"destination": {
"user": {
"email": "jane.doe@test.com"
}
},
"google": {
"report": {
"actor": {
"email": "john.doe@test.com"
},
"events": [
{
"name": "create_event",
"type": "event_change"
},
{
"name": "add_event_guest",
"type": "event_change"
}
],
"parameters_all": [
{
"name": "event_id",
"value": "fksdqs5mv613b"
},
{
"name": "organizer_calendar_id",
"value": "john.doe@test.com"
},
{
"name": "calendar_id",
"value": "jane.doe@test.com"
},
{
"name": "event_title",
"value": "Test title"
},
{
"boolValue": false,
"name": "is_recurring"
},
{
"name": "recurring",
"value": "no"
},
{
"name": "client_side_encrypted",
"value": "no"
},
{
"intValue": "63846450000",
"name": "start_time"
},
{
"intValue": "63846453600",
"name": "end_time"
},
{
"name": "user_agent",
"value": "Calendly"
},
{
"name": "event_id",
"value": "fksdqs5mv613b"
},
{
"name": "organizer_calendar_id",
"value": "john.doe@test.com"
},
{
"name": "calendar_id",
"value": "jane.doe@test.com"
},
{
"name": "event_title",
"value": "Test title"
},
{
"boolValue": false,
"name": "is_recurring"
},
{
"name": "recurring",
"value": "no"
},
{
"name": "client_side_encrypted",
"value": "no"
},
{
"name": "event_guest",
"value": "jane.doe@test.com"
},
{
"name": "user_agent",
"value": "Calendly"
}
]
}
},
"network": {
"application": "calendar"
},
"related": {
"ip": [
"192.0.2.1"
],
"user": [
"john.doe"
]
},
"source": {
"address": "192.0.2.1",
"ip": "192.0.2.1"
},
"user": {
"domain": "test.com",
"email": "john.doe@test.com",
"id": "user1",
"name": "john.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-03-08T10:37:56.354Z\",\"uniqueQualifier\":\"-75128508411076\",\"applicationName\":\"chat\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0H0\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"jane.doe@test.com\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"user_action\",\"name\":\"message_posted\",\"parameters\":[{\"name\":\"room_id\",\"value\":\"AAAAAAAAAA\"},{\"name\":\"actor\",\"value\":\"jane.doe@test.com\"},{\"name\":\"message_id\",\"value\":\"spaces/AAAApr7T222/messages/oODWFIV2CtA\"},{\"name\":\"retention_state\",\"value\":\"PERMANENT\"},{\"name\":\"room_name\",\"value\":\"Group Chat (AAAAAAAAAA)\"},{\"name\":\"dlp_scan_status\",\"value\":\"DLP_NOT_APPLICABLE\"}]}]}",
"event": {
"action": "message_posted",
"category": [
"session"
],
"dataset": "admin#reports#activity",
"type": [
"connection"
]
},
"@timestamp": "2024-03-08T10:37:56.354000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "jane.doe@test.com"
},
"chat": {
"message": {
"id": "spaces/AAAApr7T222/messages/oODWFIV2CtA"
},
"room": {
"name": "Group Chat (AAAAAAAAAA)"
}
},
"events": [
{
"name": "message_posted",
"type": "user_action"
}
],
"parameters_all": [
{
"name": "room_id",
"value": "AAAAAAAAAA"
},
{
"name": "actor",
"value": "jane.doe@test.com"
},
{
"name": "message_id",
"value": "spaces/AAAApr7T222/messages/oODWFIV2CtA"
},
{
"name": "retention_state",
"value": "PERMANENT"
},
{
"name": "room_name",
"value": "Group Chat (AAAAAAAAAA)"
},
{
"name": "dlp_scan_status",
"value": "DLP_NOT_APPLICABLE"
}
]
}
},
"network": {
"application": "chat"
},
"related": {
"user": [
"jane.doe"
]
},
"user": {
"domain": "test.com",
"email": "jane.doe@test.com",
"id": "user1",
"name": "jane.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-03-12T10:01:16.430Z\",\"uniqueQualifier\":\"-2323518099402\",\"applicationName\":\"chat\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"jane.doe@test.com\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"user_action\",\"name\":\"room_created\",\"parameters\":[{\"name\":\"room_id\",\"value\":\"AAAAAAAAA\"},{\"name\":\"actor\",\"value\":\"jane.doe@test.com\"},{\"name\":\"external_room\",\"value\":\"DISABLED\"},{\"name\":\"room_name\",\"value\":\"Group Chat (AAAAAAAAA)\"}]}]}",
"event": {
"action": "room_created",
"category": [
"session"
],
"dataset": "admin#reports#activity",
"type": [
"connection"
]
},
"@timestamp": "2024-03-12T10:01:16.430000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "jane.doe@test.com"
},
"chat": {
"room": {
"name": "Group Chat (AAAAAAAAA)"
}
},
"events": [
{
"name": "room_created",
"type": "user_action"
}
],
"parameters_all": [
{
"name": "room_id",
"value": "AAAAAAAAA"
},
{
"name": "actor",
"value": "jane.doe@test.com"
},
{
"name": "external_room",
"value": "DISABLED"
},
{
"name": "room_name",
"value": "Group Chat (AAAAAAAAA)"
}
]
}
},
"network": {
"application": "chat"
},
"related": {
"user": [
"jane.doe"
]
},
"user": {
"domain": "test.com",
"email": "jane.doe@test.com",
"id": "user1",
"name": "jane.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-10-15T09:11:54.000Z\",\"uniqueQualifier\":\"8333377333333333333\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvLCfb9kD8ZfWJ2SmlhI/FB6vZhPRe0T5Zqobg\\\"\",\"actor\":{\"callerType\":\"USER\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROME_OS_ADD_REMOVE_USER_TYPE\",\"name\":\"CHROME_OS_ADD_USER\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"172800000000000\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_AFFILIATED_USER_ADDED\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"redacted\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16002.51.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"47777777-cccc-7777-7777-f16211400000000\"}]}]}",
"event": {
"action": "CHROME_OS_ADD_USER",
"category": [
"iam"
],
"dataset": "admin#reports#activity",
"reason": "CHROMEOS_AFFILIATED_USER_ADDED",
"type": [
"creation"
]
},
"@timestamp": "2024-10-15T09:11:54Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "47777777-cccc-7777-7777-f16211400000000"
},
"google": {
"report": {
"events": [
{
"name": "CHROME_OS_ADD_USER",
"type": "CHROME_OS_ADD_REMOVE_USER_TYPE"
}
],
"parameters_all": [
{
"intValue": "172800000000000",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_AFFILIATED_USER_ADDED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "redacted"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "47777777-cccc-7777-7777-f16211400000000"
}
]
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16002.51.0"
}
},
"network": {
"application": "chrome"
},
"related": {
"user": [
"redacted"
]
},
"user": {
"id": "user1",
"name": "redacted"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-10-15T09:41:04.457Z\",\"uniqueQualifier\":\"-419957426935000000000\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvLCfb9kD8ZfWJ2SmlhIiA/NR0JCBuKk9DM7\\\"\",\"actor\":{\"callerType\":\"USER\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROMEOS_LOCK_UNLOCK_TYPE\",\"name\":\"CHROMEOS_AFFILIATED_LOCK_SUCCESS\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"1728984444444\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_AFFILIATED_LOCK_SUCCESS\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"redacted\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16002.51.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"4ebc77ae-ce6b-4857-b741-f100000000000000000\"}]}]}",
"event": {
"action": "CHROMEOS_AFFILIATED_LOCK_SUCCESS",
"category": [
"authentication"
],
"dataset": "admin#reports#activity",
"outcome": "success",
"reason": "CHROMEOS_AFFILIATED_LOCK_SUCCESS",
"type": [
"end"
]
},
"@timestamp": "2024-10-15T09:41:04.457000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "4ebc77ae-ce6b-4857-b741-f100000000000000000"
},
"google": {
"report": {
"events": [
{
"name": "CHROMEOS_AFFILIATED_LOCK_SUCCESS",
"type": "CHROMEOS_LOCK_UNLOCK_TYPE"
}
],
"parameters_all": [
{
"intValue": "1728984444444",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_AFFILIATED_LOCK_SUCCESS"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "redacted"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-ce6b-4857-b741-f100000000000000000"
}
]
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16002.51.0"
}
},
"network": {
"application": "chrome"
},
"related": {
"user": [
"redacted"
]
},
"user": {
"id": "user1",
"name": "redacted"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-11-08T13:15:35.760Z\",\"uniqueQualifier\":\"-5079400007310000000\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvLCfbhIiAAGttWx4uxgdiOjzAg0/tTZpUjK2c3wFB9Uh\\\"\",\"actor\":{\"callerType\":\"KEY\",\"key\":\"SYSTEM\"},\"events\":[{\"type\":\"DEVICE_BOOT_STATE_CHANGE_TYPE\",\"name\":\"DEVICE_BOOT_STATE_CHANGE\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"1731071700000\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROME_OS_VERIFIED_MODE\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"c4a7f0fa-e5d1-4a07-8f61-9eeeeeeeeeef\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"\"},{\"name\":\"PREVIOUS_BOOT_MODE\",\"value\":\"UNKNOWN\"},{\"name\":\"NEW_BOOT_MODE\",\"value\":\"VERIFIED\"}]}]}",
"event": {
"action": "DEVICE_BOOT_STATE_CHANGE",
"category": [
"host"
],
"dataset": "admin#reports#activity",
"reason": "CHROME_OS_VERIFIED_MODE",
"type": [
"change"
]
},
"@timestamp": "2024-11-08T13:15:35.760000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "c4a7f0fa-e5d1-4a07-8f61-9eeeeeeeeeef"
},
"google": {
"report": {
"boot_mode": {
"new": "VERIFIED"
},
"events": [
{
"name": "DEVICE_BOOT_STATE_CHANGE",
"type": "DEVICE_BOOT_STATE_CHANGE_TYPE"
}
],
"parameters_all": [
{
"intValue": "1731071700000",
"name": "TIMESTAMP"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "EVENT_REASON",
"value": "CHROME_OS_VERIFIED_MODE"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "c4a7f0fa-e5d1-4a07-8f61-9eeeeeeeeeef"
},
{
"name": "DEVICE_PLATFORM",
"value": ""
},
{
"name": "PREVIOUS_BOOT_MODE",
"value": "UNKNOWN"
},
{
"name": "NEW_BOOT_MODE",
"value": "VERIFIED"
}
]
}
},
"host": {
"name": "example.com"
},
"network": {
"application": "chrome"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-10-21T13:47:41.000Z\",\"uniqueQualifier\":\"-41312380982470000000\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvLCfb9kD84uxgdiOjzAg0/ydpRq7PE6Sq81YCdl1\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"redacted\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROME_OS_CRD_CLIENT_CONNECTED_TYPE\",\"name\":\"CHROME_OS_CRD_CLIENT_CONNECTED\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"17290000000\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_CRD_CLIENT_CONNECTED\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"Admin\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"CONNECTION_TYPE\",\"value\":\"RELAY\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16002.58.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"0f9e7f45-b777-4777-b777-c214388888888\"},{\"name\":\"SESSION_ID\",\"value\":\"joedoe@test.fr/chromoting_ftl_d2cd9895-eeee-5555-0000-00040059755\"}]}]}",
"event": {
"action": "CHROME_OS_CRD_CLIENT_CONNECTED",
"category": [
"session"
],
"dataset": "admin#reports#activity",
"reason": "CHROMEOS_CRD_CLIENT_CONNECTED",
"type": [
"start"
]
},
"@timestamp": "2024-10-21T13:47:41Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "0f9e7f45-b777-4777-b777-c214388888888"
},
"google": {
"report": {
"actor": {
"email": "redacted"
},
"events": [
{
"name": "CHROME_OS_CRD_CLIENT_CONNECTED",
"type": "CHROME_OS_CRD_CLIENT_CONNECTED_TYPE"
}
],
"parameters_all": [
{
"intValue": "17290000000",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_CRD_CLIENT_CONNECTED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "Admin"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "CONNECTION_TYPE",
"value": "RELAY"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.58.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "0f9e7f45-b777-4777-b777-c214388888888"
},
{
"name": "SESSION_ID",
"value": "joedoe@test.fr/chromoting_ftl_d2cd9895-eeee-5555-0000-00040059755"
}
],
"session": {
"id": "joedoe@test.fr/chromoting_ftl_d2cd9895-eeee-5555-0000-00040059755"
}
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16002.58.0"
}
},
"network": {
"application": "chrome"
},
"related": {
"user": [
"Admin"
]
},
"user": {
"id": "user1",
"name": "Admin"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-10-21T13:48:12.000Z\",\"uniqueQualifier\":\"389668566663666666613\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvLCfb9kDttWx4uxgdiOjzAg0/k9WnQIxoNvYgDlcL8\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"redacted\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROME_OS_CRD_CLIENT_DISCONNECTED_TYPE\",\"name\":\"CHROME_OS_CRD_CLIENT_DISCONNECTED\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"1729518000000\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_CRD_CLIENT_DISCONNECTED\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"Admin\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16002.58.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"0f9e7f45-7777-7777-7777-c21438884dc5\"},{\"name\":\"SESSION_ID\",\"value\":\"joeDoe@test.fr/chromoting_ftl_dddd9999-eeee-5555-0000-55555555555\"}]}]}",
"event": {
"action": "CHROME_OS_CRD_CLIENT_DISCONNECTED",
"category": [
"session"
],
"dataset": "admin#reports#activity",
"reason": "CHROMEOS_CRD_CLIENT_DISCONNECTED",
"type": [
"end"
]
},
"@timestamp": "2024-10-21T13:48:12Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "0f9e7f45-7777-7777-7777-c21438884dc5"
},
"google": {
"report": {
"actor": {
"email": "redacted"
},
"events": [
{
"name": "CHROME_OS_CRD_CLIENT_DISCONNECTED",
"type": "CHROME_OS_CRD_CLIENT_DISCONNECTED_TYPE"
}
],
"parameters_all": [
{
"intValue": "1729518000000",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_CRD_CLIENT_DISCONNECTED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "Admin"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.58.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "0f9e7f45-7777-7777-7777-c21438884dc5"
},
{
"name": "SESSION_ID",
"value": "joeDoe@test.fr/chromoting_ftl_dddd9999-eeee-5555-0000-55555555555"
}
],
"session": {
"id": "joeDoe@test.fr/chromoting_ftl_dddd9999-eeee-5555-0000-55555555555"
}
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16002.58.0"
}
},
"network": {
"application": "chrome"
},
"related": {
"user": [
"Admin"
]
},
"user": {
"id": "user1",
"name": "Admin"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-10-21T13:48:12.000Z\",\"uniqueQualifier\":\"-3822400088800088888\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvLCfb9kD8ZfWxgdiOjzAg0/ND9YlWuFYJrufwljQI\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"redacted\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROME_OS_CRD_HOST_ENDED_TYPE\",\"name\":\"CHROME_OS_CRD_HOST_ENDED\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"17292222222000\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_CRD_HOST_ENDED\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"Admin\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16002.58.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"0f9e7f45-b777-4777-b777-c21438e84dc5\"}]}]}",
"event": {
"action": "CHROME_OS_CRD_HOST_ENDED",
"category": [
"host"
],
"dataset": "admin#reports#activity",
"reason": "CHROMEOS_CRD_HOST_ENDED",
"type": [
"end"
]
},
"@timestamp": "2024-10-21T13:48:12Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "0f9e7f45-b777-4777-b777-c21438e84dc5"
},
"google": {
"report": {
"actor": {
"email": "redacted"
},
"events": [
{
"name": "CHROME_OS_CRD_HOST_ENDED",
"type": "CHROME_OS_CRD_HOST_ENDED_TYPE"
}
],
"parameters_all": [
{
"intValue": "17292222222000",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_CRD_HOST_ENDED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "Admin"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.58.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "0f9e7f45-b777-4777-b777-c21438e84dc5"
}
]
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16002.58.0"
}
},
"network": {
"application": "chrome"
},
"related": {
"user": [
"Admin"
]
},
"user": {
"id": "user1",
"name": "Admin"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-10-21T13:47:27.000Z\",\"uniqueQualifier\":\"6345555777799998888\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvLCfb9kDttWx4uxgdiOjzAg0/4hGqeNXoNQepbYGE\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"redacted\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROME_OS_CRD_HOST_STARTED_TYPE\",\"name\":\"CHROME_OS_CRD_HOST_STARTED\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"1724444440000\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_CRD_HOST_STARTED\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"Admin\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16002.58.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"0f9e7f45-b187-4444-7777-c23338884555\"}]}]}",
"event": {
"action": "CHROME_OS_CRD_HOST_STARTED",
"category": [
"host"
],
"dataset": "admin#reports#activity",
"reason": "CHROMEOS_CRD_HOST_STARTED",
"type": [
"start"
]
},
"@timestamp": "2024-10-21T13:47:27Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "0f9e7f45-b187-4444-7777-c23338884555"
},
"google": {
"report": {
"actor": {
"email": "redacted"
},
"events": [
{
"name": "CHROME_OS_CRD_HOST_STARTED",
"type": "CHROME_OS_CRD_HOST_STARTED_TYPE"
}
],
"parameters_all": [
{
"intValue": "1724444440000",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_CRD_HOST_STARTED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "Admin"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.58.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "0f9e7f45-b187-4444-7777-c23338884555"
}
]
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16002.58.0"
}
},
"network": {
"application": "chrome"
},
"related": {
"user": [
"Admin"
]
},
"user": {
"id": "user1",
"name": "Admin"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-11-08T13:20:40.000Z\",\"uniqueQualifier\":\"-2392455694764444444444\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi\\\"\",\"actor\":{\"callerType\":\"USER\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROME_OS_LOGIN_LOGOUT_TYPE\",\"name\":\"CHROME_OS_LOGIN_EVENT\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"1731072040000\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_KIOSK_SESSION_LOGIN\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"-\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16033.51.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"4ebc77ae-ce6b-4857\"},{\"name\":\"ORG_UNIT_NAME\",\"value\":\"test_org\"}]}]}",
"event": {
"action": "CHROME_OS_LOGIN_EVENT",
"category": [
"authentication"
],
"dataset": "admin#reports#activity",
"outcome": "success",
"reason": "CHROMEOS_KIOSK_SESSION_LOGIN",
"type": [
"start"
]
},
"@timestamp": "2024-11-08T13:20:40Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "4ebc77ae-ce6b-4857"
},
"google": {
"report": {
"events": [
{
"name": "CHROME_OS_LOGIN_EVENT",
"type": "CHROME_OS_LOGIN_LOGOUT_TYPE"
}
],
"parameters_all": [
{
"intValue": "1731072040000",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_KIOSK_SESSION_LOGIN"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "-"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16033.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-ce6b-4857"
},
{
"name": "ORG_UNIT_NAME",
"value": "test_org"
}
]
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16033.51.0"
}
},
"network": {
"application": "chrome"
},
"organization": {
"name": "test_org"
},
"user": {
"id": "user1"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-11-05T11:58:46.000Z\",\"uniqueQualifier\":\"5756634282037777777777\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvLCfb9kD8ZfWJ2Smlh/sS5BbT29sC\\\"\",\"actor\":{\"callerType\":\"USER\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROME_OS_LOGIN_LOGOUT_TYPE\",\"name\":\"CHROME_OS_LOGIN_FAILURE_EVENT\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"1730800000000\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_AFFILIATED_LOGIN\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"redacted\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16033.43.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"cbc28748-a199-47c1-b483-000000000000000000\"},{\"name\":\"LOGIN_FAILURE_REASON\",\"value\":\"AUTHENTICATION_ERROR\"},{\"name\":\"ORG_UNIT_NAME\",\"value\":\"Microsoft\"}]}]}",
"event": {
"action": "CHROME_OS_LOGIN_FAILURE_EVENT",
"category": [
"authentication"
],
"dataset": "admin#reports#activity",
"outcome": "failure",
"reason": "CHROMEOS_AFFILIATED_LOGIN",
"type": [
"start"
]
},
"@timestamp": "2024-11-05T11:58:46Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "cbc28748-a199-47c1-b483-000000000000000000"
},
"google": {
"report": {
"events": [
{
"name": "CHROME_OS_LOGIN_FAILURE_EVENT",
"type": "CHROME_OS_LOGIN_LOGOUT_TYPE"
}
],
"login": {
"failure": {
"reason": "AUTHENTICATION_ERROR"
}
},
"parameters_all": [
{
"intValue": "1730800000000",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_AFFILIATED_LOGIN"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "redacted"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16033.43.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "cbc28748-a199-47c1-b483-000000000000000000"
},
{
"name": "LOGIN_FAILURE_REASON",
"value": "AUTHENTICATION_ERROR"
},
{
"name": "ORG_UNIT_NAME",
"value": "Microsoft"
}
]
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16033.43.0"
}
},
"network": {
"application": "chrome"
},
"organization": {
"name": "Microsoft"
},
"related": {
"user": [
"redacted"
]
},
"user": {
"id": "user1",
"name": "redacted"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-10-15T09:00:38.000Z\",\"uniqueQualifier\":\"-1434962671000000000000\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvLCfb9kD8ZfWJ2SmlhIiAAG/lzqsleRu67H0HaxvdOJ\\\"\",\"actor\":{\"callerType\":\"USER\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROME_OS_LOGIN_LOGOUT_TYPE\",\"name\":\"CHROME_OS_LOGOUT_EVENT\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"1728900000000\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_AFFILIATED_LOGOUT\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"redacted\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16002.51.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"4ebc77ae-ce6b-4857-b741-f0000000000000000\"}]}]}",
"event": {
"action": "CHROME_OS_LOGOUT_EVENT",
"category": [
"authentication"
],
"dataset": "admin#reports#activity",
"outcome": "success",
"reason": "CHROMEOS_AFFILIATED_LOGOUT",
"type": [
"end"
]
},
"@timestamp": "2024-10-15T09:00:38Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "4ebc77ae-ce6b-4857-b741-f0000000000000000"
},
"google": {
"report": {
"events": [
{
"name": "CHROME_OS_LOGOUT_EVENT",
"type": "CHROME_OS_LOGIN_LOGOUT_TYPE"
}
],
"parameters_all": [
{
"intValue": "1728900000000",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_AFFILIATED_LOGOUT"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "redacted"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-ce6b-4857-b741-f0000000000000000"
}
]
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16002.51.0"
}
},
"network": {
"application": "chrome"
},
"related": {
"user": [
"redacted"
]
},
"user": {
"id": "user1",
"name": "redacted"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-10-11T15:56:35.651Z\",\"uniqueQualifier\":\"2420143888886666888\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvLCfb9AGttWx4uxgdiOjzAg0/qXWA2OAs3YpjtVNEo9y\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"redacted\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROMEOS_PERIPHERAL_ADDED_TYPE\",\"name\":\"CHROMEOS_PERIPHERAL_ADDED\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"122222225555\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_PERIPHERAL_ADDED\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"redacted\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16002.44.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"4ebc7777-cccc-8888-7777-f16211111111b\"},{\"name\":\"PRODUCT_ID\",\"value\":\"222234\"},{\"name\":\"PRODUCT_NAME\",\"value\":\"USB2.0 FHD UVC WebCam\"},{\"name\":\"VENDOR_ID\",\"value\":\"0x222e\"},{\"name\":\"VENDOR_NAME\",\"value\":\"Sonix Technology Co., Ltd.\"}]}]}",
"event": {
"action": "CHROMEOS_PERIPHERAL_ADDED",
"category": [
"file"
],
"dataset": "admin#reports#activity",
"reason": "CHROMEOS_PERIPHERAL_ADDED",
"type": [
"creation"
]
},
"@timestamp": "2024-10-11T15:56:35.651000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "4ebc7777-cccc-8888-7777-f16211111111b",
"manufacturer": "Sonix Technology Co., Ltd.",
"model": {
"identifier": "222234",
"name": "USB2.0 FHD UVC WebCam"
}
},
"google": {
"report": {
"actor": {
"email": "redacted"
},
"events": [
{
"name": "CHROMEOS_PERIPHERAL_ADDED",
"type": "CHROMEOS_PERIPHERAL_ADDED_TYPE"
}
],
"parameters_all": [
{
"intValue": "122222225555",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_PERIPHERAL_ADDED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "redacted"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.44.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc7777-cccc-8888-7777-f16211111111b"
},
{
"name": "PRODUCT_ID",
"value": "222234"
},
{
"name": "PRODUCT_NAME",
"value": "USB2.0 FHD UVC WebCam"
},
{
"name": "VENDOR_ID",
"value": "0x222e"
},
{
"name": "VENDOR_NAME",
"value": "Sonix Technology Co., Ltd."
}
]
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16002.44.0"
}
},
"network": {
"application": "chrome"
},
"related": {
"user": [
"redacted"
]
},
"user": {
"id": "user1",
"name": "redacted"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-10-11T15:56:35.351Z\",\"uniqueQualifier\":\"2649444888333333335\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvAGttWx4uxgdiOjzAg0/DWFo8d88e_z7nQYg\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"redacted\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROMEOS_PERIPHERAL_REMOVED_TYPE\",\"name\":\"CHROMEOS_PERIPHERAL_REMOVED\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"1728662555333\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_PERIPHERAL_REMOVED\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"redacted\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16002.44.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"4ebc77ae-cccc-5555-7777-f1111122227b\"},{\"name\":\"PRODUCT_ID\",\"value\":\"0x2222\"},{\"name\":\"PRODUCT_NAME\",\"value\":\"\"},{\"name\":\"VENDOR_ID\",\"value\":\"0x2222\"},{\"name\":\"VENDOR_NAME\",\"value\":\"\"}]}]}",
"event": {
"action": "CHROMEOS_PERIPHERAL_REMOVED",
"category": [
"file"
],
"dataset": "admin#reports#activity",
"reason": "CHROMEOS_PERIPHERAL_REMOVED",
"type": [
"deletion"
]
},
"@timestamp": "2024-10-11T15:56:35.351000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "4ebc77ae-cccc-5555-7777-f1111122227b",
"model": {
"identifier": "0x2222"
}
},
"google": {
"report": {
"actor": {
"email": "redacted"
},
"events": [
{
"name": "CHROMEOS_PERIPHERAL_REMOVED",
"type": "CHROMEOS_PERIPHERAL_REMOVED_TYPE"
}
],
"parameters_all": [
{
"intValue": "1728662555333",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_PERIPHERAL_REMOVED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "redacted"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.44.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-cccc-5555-7777-f1111122227b"
},
{
"name": "PRODUCT_ID",
"value": "0x2222"
},
{
"name": "PRODUCT_NAME",
"value": ""
},
{
"name": "VENDOR_ID",
"value": "0x2222"
},
{
"name": "VENDOR_NAME",
"value": ""
}
]
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16002.44.0"
}
},
"network": {
"application": "chrome"
},
"related": {
"user": [
"redacted"
]
},
"user": {
"id": "user1",
"name": "redacted"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-11-08T13:17:42.050Z\",\"uniqueQualifier\":\"8215000000000000000\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"M7TKrOH_7SmMcgNyv3m2zF\\\"\",\"actor\":{\"callerType\":\"USER\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROMEOS_PERIPHERAL_STATUS_UPDATED_TYPE\",\"name\":\"CHROMEOS_PERIPHERAL_STATUS_UPDATED\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"1731071860000\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_PERIPHERAL_STATUS_UPDATED\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16033.51.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"4ebc77ae-ce6b-4857\"},{\"name\":\"ORG_UNIT_NAME\",\"value\":\"test_org\"},{\"name\":\"PRODUCT_ID\",\"value\":\"0x2\"},{\"name\":\"PRODUCT_NAME\",\"value\":\"2.0 root hub\"},{\"name\":\"VENDOR_ID\",\"value\":\"0x1ddd\"},{\"name\":\"VENDOR_NAME\",\"value\":\"Linux Foundation\"}]}]}",
"event": {
"action": "CHROMEOS_PERIPHERAL_STATUS_UPDATED",
"category": [
"file"
],
"dataset": "admin#reports#activity",
"reason": "CHROMEOS_PERIPHERAL_STATUS_UPDATED",
"type": [
"change"
]
},
"@timestamp": "2024-11-08T13:17:42.050000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "4ebc77ae-ce6b-4857",
"manufacturer": "Linux Foundation",
"model": {
"identifier": "0x2",
"name": "2.0 root hub"
}
},
"google": {
"report": {
"events": [
{
"name": "CHROMEOS_PERIPHERAL_STATUS_UPDATED",
"type": "CHROMEOS_PERIPHERAL_STATUS_UPDATED_TYPE"
}
],
"parameters_all": [
{
"intValue": "1731071860000",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_PERIPHERAL_STATUS_UPDATED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16033.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-ce6b-4857"
},
{
"name": "ORG_UNIT_NAME",
"value": "test_org"
},
{
"name": "PRODUCT_ID",
"value": "0x2"
},
{
"name": "PRODUCT_NAME",
"value": "2.0 root hub"
},
{
"name": "VENDOR_ID",
"value": "0x1ddd"
},
{
"name": "VENDOR_NAME",
"value": "Linux Foundation"
}
]
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16033.51.0"
}
},
"network": {
"application": "chrome"
},
"organization": {
"name": "test_org"
},
"user": {
"id": "user1"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-10-15T09:09:42.884Z\",\"uniqueQualifier\":\"436275460544100000000\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvLCfbtWx4uxgdiOjzAg0/175l0NK2JBeAcg\\\"\",\"actor\":{\"callerType\":\"USER\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROMEOS_POWERWASH_TYPE\",\"name\":\"CHROMEOS_POWERWASH_INITIATED\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"172898338222222\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_POWERWASH_INITIATED\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"-\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16002.51.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"4ebc77ae-ce6b-4857-b741-f1621111111111111\"},{\"name\":\"REMOTE_REQUESTED\",\"value\":\"requested\"}]}]}",
"event": {
"action": "CHROMEOS_POWERWASH_INITIATED",
"category": [
"host"
],
"dataset": "admin#reports#activity",
"reason": "CHROMEOS_POWERWASH_INITIATED",
"type": [
"change"
]
},
"@timestamp": "2024-10-15T09:09:42.884000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "4ebc77ae-ce6b-4857-b741-f1621111111111111"
},
"google": {
"report": {
"events": [
{
"name": "CHROMEOS_POWERWASH_INITIATED",
"type": "CHROMEOS_POWERWASH_TYPE"
}
],
"parameters_all": [
{
"intValue": "172898338222222",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_POWERWASH_INITIATED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "-"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-ce6b-4857-b741-f1621111111111111"
},
{
"name": "REMOTE_REQUESTED",
"value": "requested"
}
]
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16002.51.0"
}
},
"network": {
"application": "chrome"
},
"user": {
"id": "user1"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-10-15T09:31:16.000Z\",\"uniqueQualifier\":\"-378806042057000000000000\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvLCfb9kD8ZfWJ2Sml/mtgJ4U_Y-rfHYQ\\\"\",\"actor\":{\"callerType\":\"USER\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROME_OS_ADD_REMOVE_USER_TYPE\",\"name\":\"CHROME_OS_REMOVE_USER\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"1728900000000\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_UNAFFILIATED_USER_REMOVED\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"-\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16002.51.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"4ebc77ae-6666-7777-7777-3333333333333\"},{\"name\":\"REMOVE_USER_REASON\",\"value\":\"LOCAL_USER_INITIATED\"}]}]}",
"event": {
"action": "CHROME_OS_REMOVE_USER",
"category": [
"iam"
],
"dataset": "admin#reports#activity",
"reason": "CHROMEOS_UNAFFILIATED_USER_REMOVED",
"type": [
"deletion"
]
},
"@timestamp": "2024-10-15T09:31:16Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "4ebc77ae-6666-7777-7777-3333333333333"
},
"google": {
"report": {
"events": [
{
"name": "CHROME_OS_REMOVE_USER",
"type": "CHROME_OS_ADD_REMOVE_USER_TYPE"
}
],
"parameters_all": [
{
"intValue": "1728900000000",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_UNAFFILIATED_USER_REMOVED"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "-"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.51.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-6666-7777-7777-3333333333333"
},
{
"name": "REMOVE_USER_REASON",
"value": "LOCAL_USER_INITIATED"
}
],
"remove": {
"user": {
"reason": "LOCAL_USER_INITIATED"
}
}
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16002.51.0"
}
},
"network": {
"application": "chrome"
},
"user": {
"id": "user1"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-10-14T09:17:57.384Z\",\"uniqueQualifier\":\"68200096415770000\",\"applicationName\":\"chrome\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"vj4PvLCfiAAGttWx4uxgdiOjzAg0/bTMQuHA7m4d1RjZ8u\\\"\",\"actor\":{\"callerType\":\"USER\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"CHROMEOS_UPDATE_TYPE\",\"name\":\"CHROMEOS_UPDATE_SUCCESS\",\"parameters\":[{\"name\":\"TIMESTAMP\",\"intValue\":\"7778897477777\"},{\"name\":\"EVENT_REASON\",\"value\":\"CHROMEOS_UPDATE_SUCCESS\"},{\"name\":\"DEVICE_NAME\",\"value\":\"example.com\"},{\"name\":\"DEVICE_USER\",\"value\":\"-\"},{\"name\":\"CLIENT_TYPE\",\"value\":\"CHROME_OS_DEVICE\"},{\"name\":\"CURRENT_OS_VERSION\",\"value\":\"16002.51.0\"},{\"name\":\"DEVICE_PLATFORM\",\"value\":\"ChromeOS 16002.44.0\"},{\"name\":\"DIRECTORY_DEVICE_ID\",\"value\":\"4ebc77ae-ce6b-4857-b0000-f00000000000\"},{\"name\":\"PREVIOUS_OS_VERSION\",\"value\":\"16002.44.0\"}]}]}",
"event": {
"action": "CHROMEOS_UPDATE_SUCCESS",
"category": [
"host"
],
"dataset": "admin#reports#activity",
"reason": "CHROMEOS_UPDATE_SUCCESS",
"type": [
"change"
]
},
"@timestamp": "2024-10-14T09:17:57.384000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"device": {
"id": "4ebc77ae-ce6b-4857-b0000-f00000000000"
},
"google": {
"report": {
"events": [
{
"name": "CHROMEOS_UPDATE_SUCCESS",
"type": "CHROMEOS_UPDATE_TYPE"
}
],
"host": {
"os": {
"old_version": "16002.44.0"
}
},
"parameters_all": [
{
"intValue": "7778897477777",
"name": "TIMESTAMP"
},
{
"name": "EVENT_REASON",
"value": "CHROMEOS_UPDATE_SUCCESS"
},
{
"name": "DEVICE_NAME",
"value": "example.com"
},
{
"name": "DEVICE_USER",
"value": "-"
},
{
"name": "CLIENT_TYPE",
"value": "CHROME_OS_DEVICE"
},
{
"name": "CURRENT_OS_VERSION",
"value": "16002.51.0"
},
{
"name": "DEVICE_PLATFORM",
"value": "ChromeOS 16002.44.0"
},
{
"name": "DIRECTORY_DEVICE_ID",
"value": "4ebc77ae-ce6b-4857-b0000-f00000000000"
},
{
"name": "PREVIOUS_OS_VERSION",
"value": "16002.44.0"
}
]
}
},
"host": {
"name": "example.com",
"os": {
"full": "ChromeOS 16002.44.0",
"version": "16002.51.0"
}
},
"network": {
"application": "chrome"
},
"user": {
"id": "user1"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2025-03-18T13:32:31.497Z\",\"uniqueQualifier\":\"-6347820133480887822\",\"applicationName\":\"admin\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"johndoe@example.com\",\"profileId\":\"user1\"},\"ipAddress\":\"1.2.3.4\",\"events\":[{\"type\":\"USER_SETTINGS\",\"name\":\"DELETE_USER\",\"parameters\":[{\"name\":\"USER_EMAIL\",\"value\":\"janedoe@example.com\"}]}]}",
"event": {
"action": "DELETE_USER",
"category": [
"configuration"
],
"dataset": "admin#reports#activity",
"type": [
"deletion"
]
},
"@timestamp": "2025-03-18T13:32:31.497000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "johndoe@example.com"
},
"events": [
{
"name": "DELETE_USER",
"type": "USER_SETTINGS"
}
],
"parameters_all": [
{
"name": "USER_EMAIL",
"value": "janedoe@example.com"
}
]
}
},
"network": {
"application": "admin"
},
"related": {
"ip": [
"1.2.3.4"
],
"user": [
"johndoe"
]
},
"source": {
"address": "1.2.3.4",
"ip": "1.2.3.4"
},
"user": {
"domain": "example.com",
"email": "johndoe@example.com",
"id": "user1",
"name": "johndoe",
"target": {
"email": "janedoe@example.com"
}
}
}
{
"message": "{\"kind\":\"audit#activity\",\"id\":{\"time\":\"2014-03-17T15:39:18.460Z\",\"uniqQualifier\":\"reports unique ID\",\"applicationName\":\"drive\",\"customerId\":\"ANONYMIZED\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"johndoe@example.com\",\"profileId\":\"user1\",\"key\":\"consumer key of requestor in an OAuth 2LO request\"},\"ownerDomain\":\"domain of the source owner\",\"ipAddress\":\"1.2.3.4\",\"events\":[{\"type\":\"access\",\"name\":\"edit\",\"parameters\":[{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"billable\",\"boolValue\":true},{\"name\":\"owner_is_shared_drive\",\"boolValue\":true},{\"name\":\"owner_team_drive_id\",\"value\":\"AAAAAALLLLLL\"},{\"name\":\"owner\",\"value\":\"RH \"},{\"name\":\"doc_id\",\"value\":\"5555763535\"},{\"name\":\"doc_type\",\"value\":\"folder\"},{\"name\":\"is_encrypted\",\"boolValue\":false},{\"name\":\"doc_title\",\"value\":\"Divers\"},{\"name\":\"visibility\",\"value\":\"shared_internally\"},{\"name\":\"shared_drive_id\",\"value\":\"112-EIUBHDIUBEBUD\"},{\"name\":\"originating_app_id\",\"value\":\"691301496089\"},{\"name\":\"actor_is_collaborator_account\",\"boolValue\":false},{\"name\":\"owner_is_team_drive\",\"boolValue\":true},{\"name\":\"team_drive_id\",\"value\":\"111-EIUBHDIUBEBUD\"}]}]}",
"event": {
"action": "edit",
"category": [
"file"
],
"dataset": "audit#activity",
"type": [
"access",
"change"
]
},
"@timestamp": "2014-03-17T15:39:18.460000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"file": {
"gid": "AAAAAALLLLLL",
"name": "Divers",
"owner": "RH ",
"type": "folder"
},
"google": {
"report": {
"actor": {
"email": "johndoe@example.com"
},
"events": [
{
"name": "edit",
"type": "access"
}
],
"parameters": {
"visibility": "shared_internally"
},
"parameters_all": [
{
"boolValue": true,
"name": "primary_event"
},
{
"boolValue": true,
"name": "billable"
},
{
"boolValue": true,
"name": "owner_is_shared_drive"
},
{
"name": "owner_team_drive_id",
"value": "AAAAAALLLLLL"
},
{
"name": "owner",
"value": "RH "
},
{
"name": "doc_id",
"value": "5555763535"
},
{
"name": "doc_type",
"value": "folder"
},
{
"boolValue": false,
"name": "is_encrypted"
},
{
"name": "doc_title",
"value": "Divers"
},
{
"name": "visibility",
"value": "shared_internally"
},
{
"name": "shared_drive_id",
"value": "112-EIUBHDIUBEBUD"
},
{
"name": "originating_app_id",
"value": "691301496089"
},
{
"boolValue": false,
"name": "actor_is_collaborator_account"
},
{
"boolValue": true,
"name": "owner_is_team_drive"
},
{
"name": "team_drive_id",
"value": "111-EIUBHDIUBEBUD"
}
]
}
},
"network": {
"application": "drive"
},
"related": {
"ip": [
"1.2.3.4"
],
"user": [
"RH ",
"johndoe"
]
},
"source": {
"address": "1.2.3.4",
"ip": "1.2.3.4"
},
"user": {
"domain": "example.com",
"email": "johndoe@example.com",
"id": "user1",
"name": "johndoe"
}
}
{
"message": "{\"kind\":\"audit#activity\",\"id\":{\"time\":\"2014-03-17T15:39:18.460Z\",\"uniqQualifier\":\"reports unique ID\",\"applicationName\":\"drive\",\"customerId\":\"ANONYMIZED\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"johndoe@example.com\",\"profileId\":\"user1\",\"key\":\"consumer key of requestor in an OAuth 2LO request\"},\"ownerDomain\":\"domain of the source owner\",\"ipAddress\":\"1.2.3.4\",\"events\":[{\"type\":\"access\",\"name\":\"edit\",\"parameters\":[{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1DWuYM3ot_sAyEQqOz0xWJ9bVMSYzOmRNeBqbgtSwuK8\"},{\"name\":\"doc_title\",\"value\":\"Meeting notes\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"owner\",\"value\":\"mary@example.com\"}]}]}",
"event": {
"action": "edit",
"category": [
"file"
],
"dataset": "audit#activity",
"type": [
"access",
"change"
]
},
"@timestamp": "2014-03-17T15:39:18.460000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"file": {
"name": "Meeting notes",
"owner": "mary@example.com",
"type": "document"
},
"google": {
"report": {
"actor": {
"email": "johndoe@example.com"
},
"events": [
{
"name": "edit",
"type": "access"
}
],
"parameters_all": [
{
"boolValue": true,
"name": "primary_event"
},
{
"boolValue": false,
"name": "owner_is_shared_drive"
},
{
"name": "doc_id",
"value": "1DWuYM3ot_sAyEQqOz0xWJ9bVMSYzOmRNeBqbgtSwuK8"
},
{
"name": "doc_title",
"value": "Meeting notes"
},
{
"name": "doc_type",
"value": "document"
},
{
"name": "owner",
"value": "mary@example.com"
}
]
}
},
"network": {
"application": "drive"
},
"related": {
"ip": [
"1.2.3.4"
],
"user": [
"johndoe",
"mary@example.com"
]
},
"source": {
"address": "1.2.3.4",
"ip": "1.2.3.4"
},
"user": {
"domain": "example.com",
"email": "johndoe@example.com",
"id": "user1",
"name": "johndoe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2025-02-18T17:10:20.317Z\",\"uniqueQualifier\":\"-12345678\",\"applicationName\":\"drive\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"ABCDEF123\\\"\",\"actor\":{\"email\":\"\",\"profileId\":\"105250506097979753968\"},\"events\":[{\"type\":\"access\",\"name\":\"sheets_import_range\",\"parameters\":[{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"sheets_import_range_recipient_doc\",\"value\":\"123qwerty456\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":true},{\"name\":\"owner_team_drive_id\",\"value\":\"asdf678\"},{\"name\":\"owner\",\"value\":\"johndoe\"},{\"name\":\"doc_id\",\"value\":\"zxcv890\"},{\"name\":\"doc_type\",\"value\":\"spreadsheet\"},{\"name\":\"is_encrypted\",\"boolValue\":false},{\"name\":\"doc_title\",\"value\":\"TPS report\"},{\"name\":\"visibility\",\"value\":\"people_with_link\"},{\"name\":\"shared_drive_id\",\"value\":\"asdf678\"},{\"name\":\"actor_is_collaborator_account\",\"boolValue\":false},{\"name\":\"owner_is_team_drive\",\"boolValue\":true},{\"name\":\"team_drive_id\",\"value\":\"asdf678\"}]}]}",
"event": {
"action": "sheets_import_range",
"category": [
"file"
],
"dataset": "admin#reports#activity",
"type": [
"access"
]
},
"@timestamp": "2025-02-18T17:10:20.317000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"file": {
"gid": "asdf678",
"name": "TPS report",
"owner": "johndoe",
"type": "spreadsheet"
},
"google": {
"report": {
"events": [
{
"name": "sheets_import_range",
"type": "access"
}
],
"parameters": {
"visibility": "people_with_link"
},
"parameters_all": [
{
"boolValue": true,
"name": "primary_event"
},
{
"boolValue": false,
"name": "billable"
},
{
"name": "sheets_import_range_recipient_doc",
"value": "123qwerty456"
},
{
"boolValue": true,
"name": "owner_is_shared_drive"
},
{
"name": "owner_team_drive_id",
"value": "asdf678"
},
{
"name": "owner",
"value": "johndoe"
},
{
"name": "doc_id",
"value": "zxcv890"
},
{
"name": "doc_type",
"value": "spreadsheet"
},
{
"boolValue": false,
"name": "is_encrypted"
},
{
"name": "doc_title",
"value": "TPS report"
},
{
"name": "visibility",
"value": "people_with_link"
},
{
"name": "shared_drive_id",
"value": "asdf678"
},
{
"boolValue": false,
"name": "actor_is_collaborator_account"
},
{
"boolValue": true,
"name": "owner_is_team_drive"
},
{
"name": "team_drive_id",
"value": "asdf678"
}
]
}
},
"network": {
"application": "drive"
},
"related": {
"user": [
"johndoe"
]
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2025-12-08T07:12:18.897Z\",\"uniqueQualifier\":\"-2222222222222222222\",\"applicationName\":\"drive\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"Abc/Def\\\"\",\"actor\":{\"email\":\"john.doe@example.com\",\"profileId\":\"111111111111111111111\"},\"events\":[{\"type\":\"access\",\"name\":\"label_field_changed\",\"parameters\":[{\"name\":\"label\",\"value\":\"labels/A1B2C3@83\"},{\"name\":\"label_title\",\"value\":\"Classification\"},{\"name\":\"reason\",\"value\":\"user_action\"},{\"name\":\"field_id\",\"value\":\"ABCD1234\"},{\"name\":\"field\",\"value\":\"Classification\"},{\"name\":\"new_value\",\"multiValue\":[\"C0 Public\"]},{\"name\":\"old_value\",\"multiValue\":[\"C1 Restricted\"]},{\"name\":\"new_value_id\",\"multiValue\":[\"DEF123\"]},{\"name\":\"old_value_id\",\"multiValue\":[\"TEST123\"]},{\"name\":\"new_field_value\",\"multiValue\":[\"DEF123\"]},{\"name\":\"old_field_value\",\"multiValue\":[\"TEST123\"]},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"owner\",\"value\":\"john.doe@example.com\"},{\"name\":\"doc_id\",\"value\":\"DOCUMENTID\"},{\"name\":\"doc_type\",\"value\":\"spreadsheet\"},{\"name\":\"is_encrypted\",\"boolValue\":false},{\"name\":\"doc_title\",\"value\":\"tps report\"},{\"name\":\"visibility\",\"value\":\"private\"},{\"name\":\"actor_is_collaborator_account\",\"boolValue\":false},{\"name\":\"owner_is_team_drive\",\"boolValue\":false}],\"resourceIds\":[\"DOCUMENTID\"]}],\"resourceDetails\":[{\"id\":\"DOCUMENTID\",\"title\":\"tps report\",\"type\":\"DRIVE_ITEM\",\"relation\":\"DRIVE_PRIMARY\",\"appliedLabels\":[{\"id\":\"ANONYMIZED\",\"title\":\"Classification\",\"reason\":{\"reasonType\":\"USER_APPLIED\"},\"fieldValues\":[{\"id\":\"ABCD1234\",\"displayName\":\"Classification\",\"type\":\"SELECTION\",\"selectionValue\":{\"id\":\"DEF123\",\"displayName\":\"C0 
Public\",\"badged\":true},\"reason\":{\"reasonType\":\"USER_APPLIED\"}}]}]}]}",
"event": {
"action": "label_field_changed",
"category": [
"file"
],
"dataset": "admin#reports#activity",
"type": [
"access"
]
},
"@timestamp": "2025-12-08T07:12:18.897000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"file": {
"name": "tps report",
"owner": "john.doe@example.com",
"type": "spreadsheet"
},
"google": {
"report": {
"actor": {
"email": "john.doe@example.com"
},
"drive": {
"new_classification": [
"C0 Public"
],
"old_classification": [
"C1 Restricted"
]
},
"events": [
{
"name": "label_field_changed",
"type": "access"
}
],
"parameters": {
"visibility": "private"
},
"parameters_all": [
{
"name": "label",
"value": "labels/A1B2C3@83"
},
{
"name": "label_title",
"value": "Classification"
},
{
"name": "reason",
"value": "user_action"
},
{
"name": "field_id",
"value": "ABCD1234"
},
{
"name": "field",
"value": "Classification"
},
{
"multiValue": [
"C0 Public"
],
"name": "new_value"
},
{
"multiValue": [
"C1 Restricted"
],
"name": "old_value"
},
{
"multiValue": [
"DEF123"
],
"name": "new_value_id"
},
{
"multiValue": [
"TEST123"
],
"name": "old_value_id"
},
{
"multiValue": [
"DEF123"
],
"name": "new_field_value"
},
{
"multiValue": [
"TEST123"
],
"name": "old_field_value"
},
{
"boolValue": true,
"name": "primary_event"
},
{
"boolValue": false,
"name": "owner_is_shared_drive"
},
{
"name": "owner",
"value": "john.doe@example.com"
},
{
"name": "doc_id",
"value": "DOCUMENTID"
},
{
"name": "doc_type",
"value": "spreadsheet"
},
{
"boolValue": false,
"name": "is_encrypted"
},
{
"name": "doc_title",
"value": "tps report"
},
{
"name": "visibility",
"value": "private"
},
{
"boolValue": false,
"name": "actor_is_collaborator_account"
},
{
"boolValue": false,
"name": "owner_is_team_drive"
}
]
}
},
"network": {
"application": "drive"
},
"related": {
"user": [
"john.doe",
"john.doe@example.com"
]
},
"user": {
"domain": "example.com",
"email": "john.doe@example.com",
"id": "111111111111111111111",
"name": "john.doe"
}
}
{
"message": "{\n \"kind\": \"admin#reports#activity\",\n \"id\": {\n \"time\": \"2023-09-04T08:42:51.615Z\",\n \"uniqueQualifier\": \"-2222222222222222222\",\n \"applicationName\": \"drive\",\n \"customerId\": \"111111111\"\n },\n \"actor\": {\n \"email\": \"john.doe@example.org\",\n \"profileId\": \"444444444444444444444\"\n },\n \"ipAddress\": \"1.2.3.4\",\n \"events\": [\n {\n \"type\": \"access\",\n \"name\": \"view\",\n \"parameters\": [\n {\n \"name\": \"primary_event\",\n \"boolValue\": true\n },\n {\n \"name\": \"billable\",\n \"boolValue\": true\n },\n {\n \"name\": \"owner_is_shared_drive\",\n \"boolValue\": true\n },\n {\n \"name\": \"owner_team_drive_id\",\n \"value\": \"DDD_111111111111111\"\n },\n {\n \"name\": \"owner\",\n \"value\": \"J.DOE\"\n },\n {\n \"name\": \"doc_id\",\n \"value\": \"333333333333333333333333333333333\"\n },\n {\n \"name\": \"doc_type\",\n \"value\": \"folder\"\n },\n {\n \"name\": \"is_encrypted\",\n \"boolValue\": false\n },\n {\n \"name\": \"doc_title\",\n \"value\": \"MyDocs\"\n },\n {\n \"name\": \"visibility\",\n \"value\": \"people_within_domain_with_link\"\n },\n {\n \"name\": \"shared_drive_id\",\n \"value\": \"DDD_222222222222222\"\n },\n {\n \"name\": \"originating_app_id\",\n \"value\": \"666666666666\"\n },\n {\n \"name\": \"actor_is_collaborator_account\",\n \"boolValue\": false\n },\n {\n \"name\": \"owner_is_team_drive\",\n \"boolValue\": true\n },\n {\n \"name\": \"team_drive_id\",\n \"value\": \"DDD_888888888888888\"\n }\n ]\n }\n ]\n}\n",
"event": {
"action": "view",
"category": [
"file"
],
"dataset": "admin#reports#activity",
"type": [
"access"
]
},
"@timestamp": "2023-09-04T08:42:51.615000Z",
"cloud": {
"account": {
"id": "111111111"
}
},
"file": {
"gid": "DDD_111111111111111",
"name": "MyDocs",
"owner": "J.DOE",
"type": "folder"
},
"google": {
"report": {
"actor": {
"email": "john.doe@example.org"
},
"events": [
{
"name": "view",
"type": "access"
}
],
"parameters": {
"visibility": "people_within_domain_with_link"
},
"parameters_all": [
{
"boolValue": true,
"name": "primary_event"
},
{
"boolValue": true,
"name": "billable"
},
{
"boolValue": true,
"name": "owner_is_shared_drive"
},
{
"name": "owner_team_drive_id",
"value": "DDD_111111111111111"
},
{
"name": "owner",
"value": "J.DOE"
},
{
"name": "doc_id",
"value": "333333333333333333333333333333333"
},
{
"name": "doc_type",
"value": "folder"
},
{
"boolValue": false,
"name": "is_encrypted"
},
{
"name": "doc_title",
"value": "MyDocs"
},
{
"name": "visibility",
"value": "people_within_domain_with_link"
},
{
"name": "shared_drive_id",
"value": "DDD_222222222222222"
},
{
"name": "originating_app_id",
"value": "666666666666"
},
{
"boolValue": false,
"name": "actor_is_collaborator_account"
},
{
"boolValue": true,
"name": "owner_is_team_drive"
},
{
"name": "team_drive_id",
"value": "DDD_888888888888888"
}
]
}
},
"network": {
"application": "drive"
},
"related": {
"ip": [
"1.2.3.4"
],
"user": [
"J.DOE",
"john.doe"
]
},
"source": {
"address": "1.2.3.4",
"ip": "1.2.3.4"
},
"user": {
"domain": "example.org",
"email": "john.doe@example.org",
"id": "444444444444444444444",
"name": "john.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-11-14T12:07:37.366Z\",\"uniqueQualifier\":\"-3853857772415670247\",\"applicationName\":\"meet\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ/t2tqco4M6QzgpdeZHhmJy_6yJUU\\\"\",\"actor\":{\"callerType\":\"KEY\",\"key\":\"HANGOUTS_EXTERNAL_OR_ANONYMOUS\"},\"events\":[{\"type\":\"call\",\"name\":\"call_ended\",\"parameters\":[{\"name\":\"video_send_seconds\",\"intValue\":\"173\"},{\"name\":\"screencast_recv_bitrate_kbps_mean\",\"intValue\":\"61\"},{\"name\":\"location_country\",\"value\":\"FR\"},{\"name\":\"identifier_type\",\"value\":\"device_id\"},{\"name\":\"audio_send_bitrate_kbps_mean\",\"intValue\":\"0\"},{\"name\":\"video_send_packet_loss_max\",\"intValue\":\"2\"},{\"name\":\"endpoint_id\",\"value\":\"boq_hlane_QGKxiQcCZvF\"},{\"name\":\"device_type\",\"value\":\"meet_hardware\"},{\"name\":\"video_send_packet_loss_mean\",\"intValue\":\"0\"},{\"name\":\"screencast_recv_long_side_median_pixels\",\"intValue\":\"1568\"},{\"name\":\"calendar_event_id\",\"value\":\"3ckjqg60dq5j4eu9cgjtdb396c\"},{\"name\":\"screencast_send_seconds\",\"intValue\":\"0\"},{\"name\":\"video_send_fps_mean\",\"intValue\":\"30\"},{\"name\":\"audio_send_packet_loss_max\",\"intValue\":\"0\"},{\"name\":\"network_send_jitter_msec_mean\",\"intValue\":\"1\"},{\"name\":\"screencast_recv_fps_mean\",\"intValue\":\"29\"},{\"name\":\"audio_recv_seconds\",\"intValue\":\"33\"},{\"name\":\"network_congestion\",\"intValue\":\"0\"},{\"name\":\"network_estimated_download_kbps_mean\",\"intValue\":\"74\"},{\"name\":\"audio_send_packet_loss_mean\",\"intValue\":\"0\"},{\"name\":\"network_transport_protocol\",\"value\":\"udp\"},{\"name\":\"duration_seconds\",\"intValue\":\"15317\"},{\"name\":\"video_send_bitrate_kbps_mean\",\"intValue\":\"19\"},{\"name\":\"identifier\",\"value\":\"644e7990-c69d-4e09-8cd2-6ae52406c21c\"},{\"name\":\"location_region\",\"value\":\"Paris\"},{\"name\":\"audio_recv_packet
_loss_max\",\"intValue\":\"0\"},{\"name\":\"audio_recv_packet_loss_mean\",\"intValue\":\"0\"},{\"name\":\"network_recv_jitter_msec_max\",\"intValue\":\"2\"},{\"name\":\"organizer_email\",\"value\":\"redacted\"},{\"name\":\"screencast_recv_short_side_median_pixels\",\"intValue\":\"980\"},{\"name\":\"is_external\",\"boolValue\":false},{\"name\":\"network_recv_jitter_msec_mean\",\"intValue\":\"1\"},{\"name\":\"ip_address\",\"value\":\"1.2.3.4\"},{\"name\":\"audio_send_seconds\",\"intValue\":\"15316\"},{\"name\":\"display_name\",\"value\":\"OLYMPUS (Paris-106T, 8)\"},{\"name\":\"screencast_recv_packet_loss_max\",\"intValue\":\"0\"},{\"name\":\"video_recv_seconds\",\"intValue\":\"0\"},{\"name\":\"network_rtt_msec_mean\",\"intValue\":\"8\"},{\"name\":\"video_send_long_side_median_pixels\",\"intValue\":\"320\"},{\"name\":\"screencast_recv_packet_loss_mean\",\"intValue\":\"0\"},{\"name\":\"conference_id\",\"value\":\"rJ7fsV2IE2eFwTlTZ88tDxIQOAIIigIgABgDCA\"},{\"name\":\"screencast_recv_seconds\",\"intValue\":\"14874\"},{\"name\":\"product_type\",\"value\":\"meet\"},{\"name\":\"network_estimated_upload_kbps_mean\",\"intValue\":\"7\"},{\"name\":\"video_send_short_side_median_pixels\",\"intValue\":\"180\"},{\"name\":\"meeting_code\",\"value\":\"ABCDEFGHIJ\"}]}]}",
"event": {
"action": "call_ended",
"category": [
"session"
],
"dataset": "admin#reports#activity",
"type": [
"connection"
]
},
"@timestamp": "2024-11-14T12:07:37.366000Z",
"client": {
"geo": {
"region_name": "Paris"
}
},
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"events": [
{
"name": "call_ended",
"type": "call"
}
],
"meet": {
"code": "ABCDEFGHIJ"
},
"parameters_all": [
{
"intValue": "173",
"name": "video_send_seconds"
},
{
"intValue": "61",
"name": "screencast_recv_bitrate_kbps_mean"
},
{
"name": "location_country",
"value": "FR"
},
{
"name": "identifier_type",
"value": "device_id"
},
{
"intValue": "0",
"name": "audio_send_bitrate_kbps_mean"
},
{
"intValue": "2",
"name": "video_send_packet_loss_max"
},
{
"name": "endpoint_id",
"value": "boq_hlane_QGKxiQcCZvF"
},
{
"name": "device_type",
"value": "meet_hardware"
},
{
"intValue": "0",
"name": "video_send_packet_loss_mean"
},
{
"intValue": "1568",
"name": "screencast_recv_long_side_median_pixels"
},
{
"name": "calendar_event_id",
"value": "3ckjqg60dq5j4eu9cgjtdb396c"
},
{
"intValue": "0",
"name": "screencast_send_seconds"
},
{
"intValue": "30",
"name": "video_send_fps_mean"
},
{
"intValue": "0",
"name": "audio_send_packet_loss_max"
},
{
"intValue": "1",
"name": "network_send_jitter_msec_mean"
},
{
"intValue": "29",
"name": "screencast_recv_fps_mean"
},
{
"intValue": "33",
"name": "audio_recv_seconds"
},
{
"intValue": "0",
"name": "network_congestion"
},
{
"intValue": "74",
"name": "network_estimated_download_kbps_mean"
},
{
"intValue": "0",
"name": "audio_send_packet_loss_mean"
},
{
"name": "network_transport_protocol",
"value": "udp"
},
{
"intValue": "15317",
"name": "duration_seconds"
},
{
"intValue": "19",
"name": "video_send_bitrate_kbps_mean"
},
{
"name": "identifier",
"value": "644e7990-c69d-4e09-8cd2-6ae52406c21c"
},
{
"name": "location_region",
"value": "Paris"
},
{
"intValue": "0",
"name": "audio_recv_packet_loss_max"
},
{
"intValue": "0",
"name": "audio_recv_packet_loss_mean"
},
{
"intValue": "2",
"name": "network_recv_jitter_msec_max"
},
{
"name": "organizer_email",
"value": "redacted"
},
{
"intValue": "980",
"name": "screencast_recv_short_side_median_pixels"
},
{
"boolValue": false,
"name": "is_external"
},
{
"intValue": "1",
"name": "network_recv_jitter_msec_mean"
},
{
"name": "ip_address",
"value": "1.2.3.4"
},
{
"intValue": "15316",
"name": "audio_send_seconds"
},
{
"name": "display_name",
"value": "OLYMPUS (Paris-106T, 8)"
},
{
"intValue": "0",
"name": "screencast_recv_packet_loss_max"
},
{
"intValue": "0",
"name": "video_recv_seconds"
},
{
"intValue": "8",
"name": "network_rtt_msec_mean"
},
{
"intValue": "320",
"name": "video_send_long_side_median_pixels"
},
{
"intValue": "0",
"name": "screencast_recv_packet_loss_mean"
},
{
"name": "conference_id",
"value": "rJ7fsV2IE2eFwTlTZ88tDxIQOAIIigIgABgDCA"
},
{
"intValue": "14874",
"name": "screencast_recv_seconds"
},
{
"name": "product_type",
"value": "meet"
},
{
"intValue": "7",
"name": "network_estimated_upload_kbps_mean"
},
{
"intValue": "180",
"name": "video_send_short_side_median_pixels"
},
{
"name": "meeting_code",
"value": "ABCDEFGHIJ"
}
]
}
},
"network": {
"application": "meet",
"transport": "udp"
},
"related": {
"ip": [
"1.2.3.4"
]
},
"source": {
"address": "1.2.3.4",
"ip": "1.2.3.4"
},
"user": {
"email": "redacted"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-11-14T11:32:12.301Z\",\"uniqueQualifier\":\"-6765941919309710661\",\"applicationName\":\"meet\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ/kViPYXKeNuJj3LiW54AIt7GLiR4\\\"\",\"actor\":{\"callerType\":\"KEY\",\"key\":\"HANGOUTS_EXTERNAL_OR_ANONYMOUS\"},\"events\":[{\"type\":\"call\",\"name\":\"call_ended\",\"parameters\":[{\"name\":\"video_send_seconds\",\"intValue\":\"725\"},{\"name\":\"audio_send_bitrate_kbps_mean\",\"intValue\":\"13\"},{\"name\":\"video_send_packet_loss_max\",\"intValue\":\"0\"},{\"name\":\"endpoint_id\",\"value\":\"boq_hlane_UJtqXZcvBo3\"},{\"name\":\"device_type\",\"value\":\"web\"},{\"name\":\"video_send_packet_loss_mean\",\"intValue\":\"0\"},{\"name\":\"video_recv_long_side_median_pixels\",\"intValue\":\"480\"},{\"name\":\"calendar_event_id\",\"value\":\"6cm94j8lp55a9880oj2o0rb3e6\"},{\"name\":\"screencast_send_seconds\",\"intValue\":\"0\"},{\"name\":\"video_send_fps_mean\",\"intValue\":\"30\"},{\"name\":\"audio_send_packet_loss_max\",\"intValue\":\"0\"},{\"name\":\"video_recv_short_side_median_pixels\",\"intValue\":\"270\"},{\"name\":\"video_recv_packet_loss_mean\",\"intValue\":\"0\"},{\"name\":\"network_send_jitter_msec_mean\",\"intValue\":\"1\"},{\"name\":\"audio_recv_seconds\",\"intValue\":\"3647\"},{\"name\":\"network_congestion\",\"intValue\":\"0\"},{\"name\":\"network_estimated_download_kbps_mean\",\"intValue\":\"1158\"},{\"name\":\"audio_send_packet_loss_mean\",\"intValue\":\"0\"},{\"name\":\"network_transport_protocol\",\"value\":\"tcp\"},{\"name\":\"duration_seconds\",\"intValue\":\"3651\"},{\"name\":\"video_send_bitrate_kbps_mean\",\"intValue\":\"375\"},{\"name\":\"audio_recv_packet_loss_max\",\"intValue\":\"9\"},{\"name\":\"video_recv_fps_mean\",\"intValue\":\"23\"},{\"name\":\"audio_recv_packet_loss_mean\",\"intValue\":\"0\"},{\"name\":\"network_recv_jitter_msec_max\",\"intValue\":\"98\"},{\"name\":\"organizer_ema
il\",\"value\":\"redacted\"},{\"name\":\"is_external\",\"boolValue\":true},{\"name\":\"network_recv_jitter_msec_mean\",\"intValue\":\"3\"},{\"name\":\"audio_send_seconds\",\"intValue\":\"3647\"},{\"name\":\"display_name\",\"value\":\"Yuki\"},{\"name\":\"video_recv_seconds\",\"intValue\":\"3638\"},{\"name\":\"network_rtt_msec_mean\",\"intValue\":\"11\"},{\"name\":\"video_send_long_side_median_pixels\",\"intValue\":\"480\"},{\"name\":\"conference_id\",\"value\":\"aSABpyKZtlKN_wqM98PaDxIXOAIIigIgABgDCA\"},{\"name\":\"screencast_recv_seconds\",\"intValue\":\"3627\"},{\"name\":\"product_type\",\"value\":\"meet\"},{\"name\":\"network_estimated_upload_kbps_mean\",\"intValue\":\"105\"},{\"name\":\"video_send_short_side_median_pixels\",\"intValue\":\"270\"},{\"name\":\"video_recv_packet_loss_max\",\"intValue\":\"0\"},{\"name\":\"meeting_code\",\"value\":\"BUSOHGFTVB\"}]}]}",
"event": {
"action": "call_ended",
"category": [
"session"
],
"dataset": "admin#reports#activity",
"type": [
"connection"
]
},
"@timestamp": "2024-11-14T11:32:12.301000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"events": [
{
"name": "call_ended",
"type": "call"
}
],
"meet": {
"code": "BUSOHGFTVB"
},
"parameters_all": [
{
"intValue": "725",
"name": "video_send_seconds"
},
{
"intValue": "13",
"name": "audio_send_bitrate_kbps_mean"
},
{
"intValue": "0",
"name": "video_send_packet_loss_max"
},
{
"name": "endpoint_id",
"value": "boq_hlane_UJtqXZcvBo3"
},
{
"name": "device_type",
"value": "web"
},
{
"intValue": "0",
"name": "video_send_packet_loss_mean"
},
{
"intValue": "480",
"name": "video_recv_long_side_median_pixels"
},
{
"name": "calendar_event_id",
"value": "6cm94j8lp55a9880oj2o0rb3e6"
},
{
"intValue": "0",
"name": "screencast_send_seconds"
},
{
"intValue": "30",
"name": "video_send_fps_mean"
},
{
"intValue": "0",
"name": "audio_send_packet_loss_max"
},
{
"intValue": "270",
"name": "video_recv_short_side_median_pixels"
},
{
"intValue": "0",
"name": "video_recv_packet_loss_mean"
},
{
"intValue": "1",
"name": "network_send_jitter_msec_mean"
},
{
"intValue": "3647",
"name": "audio_recv_seconds"
},
{
"intValue": "0",
"name": "network_congestion"
},
{
"intValue": "1158",
"name": "network_estimated_download_kbps_mean"
},
{
"intValue": "0",
"name": "audio_send_packet_loss_mean"
},
{
"name": "network_transport_protocol",
"value": "tcp"
},
{
"intValue": "3651",
"name": "duration_seconds"
},
{
"intValue": "375",
"name": "video_send_bitrate_kbps_mean"
},
{
"intValue": "9",
"name": "audio_recv_packet_loss_max"
},
{
"intValue": "23",
"name": "video_recv_fps_mean"
},
{
"intValue": "0",
"name": "audio_recv_packet_loss_mean"
},
{
"intValue": "98",
"name": "network_recv_jitter_msec_max"
},
{
"name": "organizer_email",
"value": "redacted"
},
{
"boolValue": true,
"name": "is_external"
},
{
"intValue": "3",
"name": "network_recv_jitter_msec_mean"
},
{
"intValue": "3647",
"name": "audio_send_seconds"
},
{
"name": "display_name",
"value": "Yuki"
},
{
"intValue": "3638",
"name": "video_recv_seconds"
},
{
"intValue": "11",
"name": "network_rtt_msec_mean"
},
{
"intValue": "480",
"name": "video_send_long_side_median_pixels"
},
{
"name": "conference_id",
"value": "aSABpyKZtlKN_wqM98PaDxIXOAIIigIgABgDCA"
},
{
"intValue": "3627",
"name": "screencast_recv_seconds"
},
{
"name": "product_type",
"value": "meet"
},
{
"intValue": "105",
"name": "network_estimated_upload_kbps_mean"
},
{
"intValue": "270",
"name": "video_send_short_side_median_pixels"
},
{
"intValue": "0",
"name": "video_recv_packet_loss_max"
},
{
"name": "meeting_code",
"value": "BUSOHGFTVB"
}
]
}
},
"network": {
"application": "meet",
"transport": "tcp"
},
"user": {
"email": "redacted"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2025-02-18T16:00:24.311Z\",\"uniqueQualifier\":\"-123456\",\"applicationName\":\"groups_enterprise\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"ABCDEF123\\\"\",\"actor\":{\"callerType\":\"KEY\",\"key\":\"SYSTEM\"},\"events\":[{\"type\":\"moderator_action\",\"name\":\"remove_user\",\"parameters\":[{\"name\":\"member_id\",\"value\":\"john.doe@example.com\"},{\"name\":\"group_id\",\"value\":\"team@example.com\"},{\"name\":\"member_type\",\"value\":\"user\"}]},{\"type\":\"moderator_action\",\"name\":\"remove_member\",\"parameters\":[{\"name\":\"member_id\",\"value\":\"john.doe@example.com\"},{\"name\":\"group_id\",\"value\":\"team@example.com\"},{\"name\":\"member_type\",\"value\":\"user\"}]}]}",
"event": {
"action": [
"remove_member",
"remove_user"
],
"category": [
"iam"
],
"dataset": "admin#reports#activity",
"type": [
"admin"
]
},
"@timestamp": "2025-02-18T16:00:24.311000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"events": [
{
"name": "remove_user",
"type": "moderator_action"
},
{
"name": "remove_member",
"type": "moderator_action"
}
],
"parameters_all": [
{
"name": "member_id",
"value": "john.doe@example.com"
},
{
"name": "group_id",
"value": "team@example.com"
},
{
"name": "member_type",
"value": "user"
},
{
"name": "member_id",
"value": "john.doe@example.com"
},
{
"name": "group_id",
"value": "team@example.com"
},
{
"name": "member_type",
"value": "user"
}
]
}
},
"network": {
"application": "groups_enterprise"
},
"user": {
"email": "john.doe@example.com",
"group": {
"id": "team@example.com"
}
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-03-11T15:20:33.157Z\",\"uniqueQualifier\":\"-92180609786\",\"applicationName\":\"groups_enterprise\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"jane.doe@test.com\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"moderator_action\",\"name\":\"delete_group\",\"parameters\":[{\"name\":\"group_id\",\"value\":\"testgroup@test.com\"}]}]}",
"event": {
"action": "delete_group",
"category": [
"iam"
],
"dataset": "admin#reports#activity",
"type": [
"admin"
]
},
"@timestamp": "2024-03-11T15:20:33.157000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "jane.doe@test.com"
},
"events": [
{
"name": "delete_group",
"type": "moderator_action"
}
],
"parameters_all": [
{
"name": "group_id",
"value": "testgroup@test.com"
}
]
}
},
"network": {
"application": "groups_enterprise"
},
"related": {
"user": [
"jane.doe"
]
},
"user": {
"domain": "test.com",
"email": "jane.doe@test.com",
"group": {
"id": "testgroup@test.com"
},
"id": "user1",
"name": "jane.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-03-13T11:02:40.037Z\",\"uniqueQualifier\":\"235176017661\",\"applicationName\":\"meet\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"jane.doe@test.com\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"call\",\"name\":\"call_ended\",\"parameters\":[{\"name\":\"video_send_seconds\",\"intValue\":\"0\"},{\"name\":\"location_country\",\"value\":\"FR\"},{\"name\":\"identifier_type\",\"value\":\"email_address\"},{\"name\":\"endpoint_id\",\"value\":\"dSzi5ZfqD8I\"},{\"name\":\"device_type\",\"value\":\"web\"},{\"name\":\"screencast_send_packet_loss_mean\",\"intValue\":\"0\"},{\"name\":\"calendar_event_id\",\"value\":\"glb41ldt739tcf0bun7p9htaqr\"},{\"name\":\"screencast_send_seconds\",\"intValue\":\"83\"},{\"name\":\"screencast_send_short_side_median_pixels\",\"intValue\":\"1080\"},{\"name\":\"screencast_send_packet_loss_max\",\"intValue\":\"1\"},{\"name\":\"screencast_send_fps_mean\",\"intValue\":\"29\"},{\"name\":\"audio_recv_seconds\",\"intValue\":\"0\"},{\"name\":\"network_congestion\",\"intValue\":\"0\"},{\"name\":\"network_estimated_download_kbps_mean\",\"intValue\":\"1\"},{\"name\":\"network_transport_protocol\",\"value\":\"udp\"},{\"name\":\"duration_seconds\",\"intValue\":\"1498\"},{\"name\":\"identifier\",\"value\":\"jane.doe@test.com\"},{\"name\":\"location_region\",\"value\":\"Argenteuil\"},{\"name\":\"screencast_send_bitrate_kbps_mean\",\"intValue\":\"791\"},{\"name\":\"organizer_email\",\"value\":\"jane.doe@test.com\"},{\"name\":\"ip_address\",\"value\":\"192.0.2.1\"},{\"name\":\"audio_send_seconds\",\"intValue\":\"0\"},{\"name\":\"display_name\",\"value\":\"Test 
SEGLA\"},{\"name\":\"video_recv_seconds\",\"intValue\":\"0\"},{\"name\":\"screencast_send_long_side_median_pixels\",\"intValue\":\"1920\"},{\"name\":\"network_rtt_msec_mean\",\"intValue\":\"12\"},{\"name\":\"conference_id\",\"value\":\"SQEGZkIp70zCVuvX_PtXDxI\"},{\"name\":\"screencast_recv_seconds\",\"intValue\":\"0\"},{\"name\":\"product_type\",\"value\":\"meet\"},{\"name\":\"network_estimated_upload_kbps_mean\",\"intValue\":\"0\"},{\"name\":\"meeting_code\",\"value\":\"GMGSZDDDDD\"},{\"name\":\"is_external\",\"boolValue\":false}]}]}",
"event": {
"action": "call_ended",
"category": [
"session"
],
"dataset": "admin#reports#activity",
"type": [
"connection"
]
},
"@timestamp": "2024-03-13T11:02:40.037000Z",
"client": {
"geo": {
"region_name": "Argenteuil"
}
},
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "jane.doe@test.com"
},
"events": [
{
"name": "call_ended",
"type": "call"
}
],
"meet": {
"code": "GMGSZDDDDD"
},
"parameters_all": [
{
"intValue": "0",
"name": "video_send_seconds"
},
{
"name": "location_country",
"value": "FR"
},
{
"name": "identifier_type",
"value": "email_address"
},
{
"name": "endpoint_id",
"value": "dSzi5ZfqD8I"
},
{
"name": "device_type",
"value": "web"
},
{
"intValue": "0",
"name": "screencast_send_packet_loss_mean"
},
{
"name": "calendar_event_id",
"value": "glb41ldt739tcf0bun7p9htaqr"
},
{
"intValue": "83",
"name": "screencast_send_seconds"
},
{
"intValue": "1080",
"name": "screencast_send_short_side_median_pixels"
},
{
"intValue": "1",
"name": "screencast_send_packet_loss_max"
},
{
"intValue": "29",
"name": "screencast_send_fps_mean"
},
{
"intValue": "0",
"name": "audio_recv_seconds"
},
{
"intValue": "0",
"name": "network_congestion"
},
{
"intValue": "1",
"name": "network_estimated_download_kbps_mean"
},
{
"name": "network_transport_protocol",
"value": "udp"
},
{
"intValue": "1498",
"name": "duration_seconds"
},
{
"name": "identifier",
"value": "jane.doe@test.com"
},
{
"name": "location_region",
"value": "Argenteuil"
},
{
"intValue": "791",
"name": "screencast_send_bitrate_kbps_mean"
},
{
"name": "organizer_email",
"value": "jane.doe@test.com"
},
{
"name": "ip_address",
"value": "192.0.2.1"
},
{
"intValue": "0",
"name": "audio_send_seconds"
},
{
"name": "display_name",
"value": "Test SEGLA"
},
{
"intValue": "0",
"name": "video_recv_seconds"
},
{
"intValue": "1920",
"name": "screencast_send_long_side_median_pixels"
},
{
"intValue": "12",
"name": "network_rtt_msec_mean"
},
{
"name": "conference_id",
"value": "SQEGZkIp70zCVuvX_PtXDxI"
},
{
"intValue": "0",
"name": "screencast_recv_seconds"
},
{
"name": "product_type",
"value": "meet"
},
{
"intValue": "0",
"name": "network_estimated_upload_kbps_mean"
},
{
"name": "meeting_code",
"value": "GMGSZDDDDD"
},
{
"boolValue": false,
"name": "is_external"
}
]
}
},
"network": {
"application": "meet",
"transport": "udp"
},
"related": {
"ip": [
"192.0.2.1"
],
"user": [
"jane.doe"
]
},
"source": {
"address": "192.0.2.1",
"ip": "192.0.2.1"
},
"user": {
"domain": "test.com",
"email": "jane.doe@test.com",
"id": "user1",
"name": "jane.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-03-13T10:31:23.630Z\",\"uniqueQualifier\":\"47501654195\",\"applicationName\":\"meet\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"jane.doe@test.com\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"conference_action\",\"name\":\"presentation_started\",\"parameters\":[{\"name\":\"is_external\",\"boolValue\":false},{\"name\":\"meeting_code\",\"value\":\"BWXXZYNUUU\"},{\"name\":\"conference_id\",\"value\":\"iVYNZWWtL3-mwtWyAGIeDxIWOAkI\"},{\"name\":\"action_time\",\"value\":\"2024-03-13T10:31:23.630220Z\"},{\"name\":\"identifier\",\"value\":\"jane.doe@test.com\"},{\"name\":\"identifier_type\",\"value\":\"email_address\"}]}]}",
"event": {
"action": "presentation_started",
"category": [
"session"
],
"dataset": "admin#reports#activity",
"type": [
"connection"
]
},
"@timestamp": "2024-03-13T10:31:23.630000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "jane.doe@test.com"
},
"events": [
{
"name": "presentation_started",
"type": "conference_action"
}
],
"meet": {
"code": "BWXXZYNUUU"
},
"parameters_all": [
{
"boolValue": false,
"name": "is_external"
},
{
"name": "meeting_code",
"value": "BWXXZYNUUU"
},
{
"name": "conference_id",
"value": "iVYNZWWtL3-mwtWyAGIeDxIWOAkI"
},
{
"name": "action_time",
"value": "2024-03-13T10:31:23.630220Z"
},
{
"name": "identifier",
"value": "jane.doe@test.com"
},
{
"name": "identifier_type",
"value": "email_address"
}
]
}
},
"network": {
"application": "meet"
},
"related": {
"user": [
"jane.doe"
]
},
"user": {
"domain": "test.com",
"email": "jane.doe@test.com",
"id": "user1",
"name": "jane.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2025-08-12T06:27:17.877Z\",\"uniqueQualifier\":\"id-1\",\"applicationName\":\"login\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"etag-placeholder\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"user1@example.com\",\"profileId\":\"user1\"},\"ipAddress\":\"192.0.2.20\",\"networkInfo\":{\"ipAsn\":[12345],\"regionCode\":\"XX\",\"subdivisionCode\":\"XX-YYY\"},\"events\":[{\"type\":\"blocked_sender_change\",\"name\":\"blocked_sender\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"noreply@example.org\"}]}]}",
"event": {
"action": "blocked_sender",
"dataset": "admin#reports#activity"
},
"@timestamp": "2025-08-12T06:27:17.877000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "user1@example.com"
},
"events": [
{
"name": "blocked_sender",
"type": "blocked_sender_change"
}
],
"parameters_all": [
{
"name": "affected_email_address",
"value": "noreply@example.org"
}
]
}
},
"network": {
"application": "login"
},
"related": {
"ip": [
"192.0.2.20"
],
"user": [
"user1"
]
},
"source": {
"address": "192.0.2.20",
"ip": "192.0.2.20"
},
"user": {
"domain": "example.com",
"email": "user1@example.com",
"id": "user1",
"name": "user1",
"target": {
"email": "noreply@example.org"
}
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-11-07T14:21:46.270Z\",\"uniqueQualifier\":\"233165468629800000000\",\"applicationName\":\"rules\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ\\\"\",\"actor\":{\"email\":\"john.doe@test.com\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"action_complete_type\",\"name\":\"action_complete\",\"parameters\":[{\"name\":\"data_source\",\"value\":\"DRIVE\"},{\"name\":\"resource_id\",\"value\":\"1K23Am8JmHL9vgGwUjUPaq0000000\"},{\"name\":\"resource_owner_email\",\"value\":\"john.doe@test.com\"},{\"name\":\"rule_resource_name\",\"value\":\"policies/aka00000000000\"},{\"name\":\"rule_name\",\"value\":\"DLP [Drive] - D\\u00e9tecter le partage de International - Num\\u00e9ro IBAN\"},{\"name\":\"rule_type\",\"value\":\"DLP\"},{\"name\":\"matched_detectors\",\"multiMessageValue\":[{\"parameter\":[{\"name\":\"detector_id\",\"value\":\"IBAN_CODE\"},{\"name\":\"detector_type\",\"value\":\"PREDEFINED_DLP\"},{\"name\":\"display_name\",\"value\":\"IBAN_CODE\"}]}]},{\"name\":\"triggered_actions\",\"multiMessageValue\":[{\"parameter\":[{\"name\":\"action_type\",\"value\":\"DRIVE_WARN_ON_EXTERNAL_SHARING\"}]}]},{\"name\":\"resource_recipients\",\"multiValue\":[\"john.doe@test.com\"]},{\"name\":\"scan_type\",\"value\":\"DRIVE_ONLINE_SCAN\"},{\"name\":\"matched_trigger\",\"value\":\"DRIVE_SHARE\"},{\"name\":\"severity\",\"value\":\"LOW\"},{\"name\":\"resource_type\",\"value\":\"DOCUMENT\"},{\"name\":\"resource_title\",\"value\":\"8157822-2024-11-7-15-21-0\"}]}]}",
"event": {
"action": "action_complete",
"dataset": "admin#reports#activity",
"type": [
"info"
]
},
"@timestamp": "2024-11-07T14:21:46.270000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "john.doe@test.com"
},
"events": [
{
"name": "action_complete",
"type": "action_complete_type"
}
],
"parameters_all": [
{
"name": "data_source",
"value": "DRIVE"
},
{
"name": "resource_id",
"value": "1K23Am8JmHL9vgGwUjUPaq0000000"
},
{
"name": "resource_owner_email",
"value": "john.doe@test.com"
},
{
"name": "rule_resource_name",
"value": "policies/aka00000000000"
},
{
"name": "rule_name",
"value": "DLP [Drive] - D\u00e9tecter le partage de International - Num\u00e9ro IBAN"
},
{
"name": "rule_type",
"value": "DLP"
},
{
"multiMessageValue": [
{
"parameter": [
{
"name": "detector_id",
"value": "IBAN_CODE"
},
{
"name": "detector_type",
"value": "PREDEFINED_DLP"
},
{
"name": "display_name",
"value": "IBAN_CODE"
}
]
}
],
"name": "matched_detectors"
},
{
"multiMessageValue": [
{
"parameter": [
{
"name": "action_type",
"value": "DRIVE_WARN_ON_EXTERNAL_SHARING"
}
]
}
],
"name": "triggered_actions"
},
{
"multiValue": [
"john.doe@test.com"
],
"name": "resource_recipients"
},
{
"name": "scan_type",
"value": "DRIVE_ONLINE_SCAN"
},
{
"name": "matched_trigger",
"value": "DRIVE_SHARE"
},
{
"name": "severity",
"value": "LOW"
},
{
"name": "resource_type",
"value": "DOCUMENT"
},
{
"name": "resource_title",
"value": "8157822-2024-11-7-15-21-0"
}
],
"rule": {
"data_source": "DRIVE",
"name": "DLP [Drive] - D\u00e9tecter le partage de International - Num\u00e9ro IBAN",
"scan_type": "DRIVE_ONLINE_SCAN",
"severity": "LOW",
"type": "DLP"
}
}
},
"network": {
"application": "rules"
},
"related": {
"user": [
"john.doe"
]
},
"user": {
"domain": "test.com",
"email": "john.doe@test.com",
"id": "user1",
"name": "john.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-11-07T14:21:46.270Z\",\"uniqueQualifier\":\"-49907177521610000000\",\"applicationName\":\"rules\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ/\\\"\",\"actor\":{\"email\":\"john.doe@test.com\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"content_matched_type\",\"name\":\"content_matched\",\"parameters\":[{\"name\":\"data_source\",\"value\":\"DRIVE\"},{\"name\":\"resource_id\",\"value\":\"1K23Am8JmHL9vgGwUjUPaqDZV\"},{\"name\":\"resource_owner_email\",\"value\":\"john.doe@test.com\"},{\"name\":\"rule_resource_name\",\"value\":\"policies/aka000000000\"},{\"name\":\"rule_name\",\"value\":\"DLP [Drive] - D\\u00e9tecter le partage de International - Num\\u00e9ro IBAN\"},{\"name\":\"rule_type\",\"value\":\"DLP\"},{\"name\":\"matched_detectors\",\"multiMessageValue\":[{\"parameter\":[{\"name\":\"detector_id\",\"value\":\"IBAN_CODE\"},{\"name\":\"detector_type\",\"value\":\"PREDEFINED_DLP\"},{\"name\":\"display_name\",\"value\":\"IBAN_CODE\"}]}]},{\"name\":\"triggered_actions\",\"multiMessageValue\":[{\"parameter\":[{\"name\":\"action_type\",\"value\":\"DRIVE_WARN_ON_EXTERNAL_SHARING\"}]}]},{\"name\":\"resource_recipients\",\"multiValue\":[\"john.doe@test.com\"]},{\"name\":\"scan_type\",\"value\":\"DRIVE_ONLINE_SCAN\"},{\"name\":\"severity\",\"value\":\"LOW\"},{\"name\":\"resource_type\",\"value\":\"DOCUMENT\"},{\"name\":\"resource_title\",\"value\":\"8157822-2024-11-7-15-21-0\"}]}]}",
"event": {
"action": "content_matched",
"dataset": "admin#reports#activity",
"type": [
"info"
]
},
"@timestamp": "2024-11-07T14:21:46.270000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "john.doe@test.com"
},
"events": [
{
"name": "content_matched",
"type": "content_matched_type"
}
],
"parameters_all": [
{
"name": "data_source",
"value": "DRIVE"
},
{
"name": "resource_id",
"value": "1K23Am8JmHL9vgGwUjUPaqDZV"
},
{
"name": "resource_owner_email",
"value": "john.doe@test.com"
},
{
"name": "rule_resource_name",
"value": "policies/aka000000000"
},
{
"name": "rule_name",
"value": "DLP [Drive] - D\u00e9tecter le partage de International - Num\u00e9ro IBAN"
},
{
"name": "rule_type",
"value": "DLP"
},
{
"multiMessageValue": [
{
"parameter": [
{
"name": "detector_id",
"value": "IBAN_CODE"
},
{
"name": "detector_type",
"value": "PREDEFINED_DLP"
},
{
"name": "display_name",
"value": "IBAN_CODE"
}
]
}
],
"name": "matched_detectors"
},
{
"multiMessageValue": [
{
"parameter": [
{
"name": "action_type",
"value": "DRIVE_WARN_ON_EXTERNAL_SHARING"
}
]
}
],
"name": "triggered_actions"
},
{
"multiValue": [
"john.doe@test.com"
],
"name": "resource_recipients"
},
{
"name": "scan_type",
"value": "DRIVE_ONLINE_SCAN"
},
{
"name": "severity",
"value": "LOW"
},
{
"name": "resource_type",
"value": "DOCUMENT"
},
{
"name": "resource_title",
"value": "8157822-2024-11-7-15-21-0"
}
],
"rule": {
"data_source": "DRIVE",
"name": "DLP [Drive] - D\u00e9tecter le partage de International - Num\u00e9ro IBAN",
"scan_type": "DRIVE_ONLINE_SCAN",
"severity": "LOW",
"type": "DLP"
}
}
},
"network": {
"application": "rules"
},
"related": {
"user": [
"john.doe"
]
},
"user": {
"domain": "test.com",
"email": "john.doe@test.com",
"id": "user1",
"name": "john.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-11-07T14:26:15.515Z\",\"uniqueQualifier\":\"4091348940000000\",\"applicationName\":\"saml\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ\\\"\",\"actor\":{\"email\":\"John.doe@test.com\",\"profileId\":\"user1\"},\"ipAddress\":\"192.0.2.1\",\"events\":[{\"type\":\"login\",\"name\":\"login_success\",\"parameters\":[{\"name\":\"orgunit_path\",\"value\":\"/test/implementation\"},{\"name\":\"initiated_by\",\"value\":\"sp\"},{\"name\":\"application_name\",\"value\":\"AWS\"},{\"name\":\"saml_status_code\",\"value\":\"SUCCESS_URI\"}]}]}",
"event": {
"action": "login_success",
"category": [
"authentication"
],
"dataset": "admin#reports#activity",
"outcome": "success",
"type": [
"allowed"
]
},
"@timestamp": "2024-11-07T14:26:15.515000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "John.doe@test.com"
},
"events": [
{
"name": "login_success",
"type": "login"
}
],
"parameters_all": [
{
"name": "orgunit_path",
"value": "/test/implementation"
},
{
"name": "initiated_by",
"value": "sp"
},
{
"name": "application_name",
"value": "AWS"
},
{
"name": "saml_status_code",
"value": "SUCCESS_URI"
}
],
"saml": {
"application_name": "AWS",
"initiator": "sp",
"status_code": "SUCCESS_URI"
}
}
},
"network": {
"application": "saml"
},
"related": {
"ip": [
"192.0.2.1"
],
"user": [
"John.doe"
]
},
"source": {
"address": "192.0.2.1",
"ip": "192.0.2.1"
},
"user": {
"domain": "test.com",
"email": "John.doe@test.com",
"id": "user1",
"name": "John.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-11-07T14:24:58.191Z\",\"uniqueQualifier\":\"-318965716033600000\",\"applicationName\":\"saml\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"M7TKrOH_7SmMcgNyv3m2zFZr0EiRGbeupcJ_yRi3fFQ\\\"\",\"actor\":{\"email\":\"John.doe@test.com\",\"profileId\":\"user1\"},\"ipAddress\":\"192.0.2.1\",\"events\":[{\"type\":\"login\",\"name\":\"login_success\",\"parameters\":[{\"name\":\"orgunit_path\",\"value\":\"/test/dev\"},{\"name\":\"initiated_by\",\"value\":\"sp\"},{\"name\":\"application_name\",\"value\":\"AWS Client VPN\"},{\"name\":\"saml_status_code\",\"value\":\"SUCCESS_URI\"}]}]}",
"event": {
"action": "login_success",
"category": [
"authentication"
],
"dataset": "admin#reports#activity",
"outcome": "success",
"type": [
"allowed"
]
},
"@timestamp": "2024-11-07T14:24:58.191000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "John.doe@test.com"
},
"events": [
{
"name": "login_success",
"type": "login"
}
],
"parameters_all": [
{
"name": "orgunit_path",
"value": "/test/dev"
},
{
"name": "initiated_by",
"value": "sp"
},
{
"name": "application_name",
"value": "AWS Client VPN"
},
{
"name": "saml_status_code",
"value": "SUCCESS_URI"
}
],
"saml": {
"application_name": "AWS Client VPN",
"initiator": "sp",
"status_code": "SUCCESS_URI"
}
}
},
"network": {
"application": "saml"
},
"related": {
"ip": [
"192.0.2.1"
],
"user": [
"John.doe"
]
},
"source": {
"address": "192.0.2.1",
"ip": "192.0.2.1"
},
"user": {
"domain": "test.com",
"email": "John.doe@test.com",
"id": "user1",
"name": "John.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-07-09T14:05:42.528Z\",\"uniqueQualifier\":\"0123456789101112131\",\"applicationName\":\"admin\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0\",\"actor\":{\"callerType\":\"USER\",\"email\":\"john.doe@example.net\",\"profileId\":\"user1\"},\"ipAddress\":\"1.2.3.4\",\"events\":[{\"type\":\"USER_SETTINGS\",\"name\":\"SUSPEND_USER\",\"parameters\":[{\"name\":\"USER_EMAIL\",\"value\":\"jdoe@example.net\"}]}]}",
"event": {
"action": "SUSPEND_USER",
"category": [
"configuration"
],
"dataset": "admin#reports#activity",
"type": [
"change"
]
},
"@timestamp": "2024-07-09T14:05:42.528000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "john.doe@example.net"
},
"events": [
{
"name": "SUSPEND_USER",
"type": "USER_SETTINGS"
}
],
"parameters": {
"name": "USER_EMAIL",
"value": "jdoe@example.net"
},
"parameters_all": [
{
"name": "USER_EMAIL",
"value": "jdoe@example.net"
}
]
}
},
"network": {
"application": "admin"
},
"related": {
"ip": [
"1.2.3.4"
],
"user": [
"john.doe"
]
},
"source": {
"address": "1.2.3.4",
"ip": "1.2.3.4"
},
"user": {
"domain": "example.net",
"email": "john.doe@example.net",
"id": "user1",
"name": "john.doe",
"target": {
"email": "jdoe@example.net"
}
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-01-17T11:09:39.840Z\",\"uniqueQualifier\":\"111111\",\"applicationName\":\"drive\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"aaa-aaa/aaa\",\"actor\":{\"email\":\"johndoe@test.com\",\"profileId\":\"11111\"},\"ipAddress\":\"0.0.0.0\",\"events\":[{\"type\":\"access\",\"name\":\"edit\",\"parameters\":[{\"name\":\"primary_event\",\"boolValue\":false},{\"name\":\"billable\",\"boolValue\":true},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"owner\",\"value\":\"owner@test.com\"},{\"name\":\"doc_id\",\"value\":\"1111111111\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"is_encrypted\",\"boolValue\":false},{\"name\":\"doc_title\",\"value\":\"Doc Temp\"},{\"name\":\"visibility\",\"value\":\"shared_externally\"},{\"name\":\"originating_app_id\",\"value\":\"111111\"},{\"name\":\"actor_is_collaborator_account\",\"boolValue\":false},{\"name\":\"owner_is_team_drive\",\"boolValue\":false}]},{\"type\":\"acl_change\",\"name\":\"change_user_access\",\"parameters\":[{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"billable\",\"boolValue\":true},{\"name\":\"visibility_change\",\"value\":\"external\"},{\"name\":\"target_user\",\"value\":\"redacted\"},{\"name\":\"old_value\",\"multiValue\":[\"none\"]},{\"name\":\"new_value\",\"multiValue\":[\"can_edit\"]},{\"name\":\"old_visibility\",\"value\":\"shared_internally\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"owner\",\"value\":\"owner@test.com\"},{\"name\":\"doc_id\",\"value\":\"11111\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"is_encrypted\",\"boolValue\":false},{\"name\":\"doc_title\",\"value\":\"Doc Temp\"},{\"name\":\"visibility\",\"value\":\"shared_externally\"},{\"name\":\"originating_app_id\",\"value\":\"11111\"},{\"name\":\"actor_is_collaborator_account\",\"boolValue\":false},{\"name\":\"owner_is_team_drive\",\"boolValue\":false}]}]}",
"event": {
"action": [
"change_user_access",
"edit"
],
"category": [
"file"
],
"dataset": "admin#reports#activity",
"type": [
"access",
"change"
]
},
"@timestamp": "2024-01-17T11:09:39.840000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"file": {
"name": "Doc Temp",
"owner": "owner@test.com",
"type": "document"
},
"google": {
"report": {
"actor": {
"email": "johndoe@test.com"
},
"events": [
{
"name": "edit",
"type": "access"
},
{
"name": "change_user_access",
"type": "acl_change"
}
],
"parameters": {
"visibility": "shared_externally"
},
"parameters_all": [
{
"boolValue": false,
"name": "primary_event"
},
{
"boolValue": true,
"name": "billable"
},
{
"boolValue": false,
"name": "owner_is_shared_drive"
},
{
"name": "owner",
"value": "owner@test.com"
},
{
"name": "doc_id",
"value": "1111111111"
},
{
"name": "doc_type",
"value": "document"
},
{
"boolValue": false,
"name": "is_encrypted"
},
{
"name": "doc_title",
"value": "Doc Temp"
},
{
"name": "visibility",
"value": "shared_externally"
},
{
"name": "originating_app_id",
"value": "111111"
},
{
"boolValue": false,
"name": "actor_is_collaborator_account"
},
{
"boolValue": false,
"name": "owner_is_team_drive"
},
{
"boolValue": true,
"name": "primary_event"
},
{
"boolValue": true,
"name": "billable"
},
{
"name": "visibility_change",
"value": "external"
},
{
"name": "target_user",
"value": "redacted"
},
{
"multiValue": [
"none"
],
"name": "old_value"
},
{
"multiValue": [
"can_edit"
],
"name": "new_value"
},
{
"name": "old_visibility",
"value": "shared_internally"
},
{
"boolValue": false,
"name": "owner_is_shared_drive"
},
{
"name": "owner",
"value": "owner@test.com"
},
{
"name": "doc_id",
"value": "11111"
},
{
"name": "doc_type",
"value": "document"
},
{
"boolValue": false,
"name": "is_encrypted"
},
{
"name": "doc_title",
"value": "Doc Temp"
},
{
"name": "visibility",
"value": "shared_externally"
},
{
"name": "originating_app_id",
"value": "11111"
},
{
"boolValue": false,
"name": "actor_is_collaborator_account"
},
{
"boolValue": false,
"name": "owner_is_team_drive"
}
]
}
},
"network": {
"application": "drive"
},
"related": {
"ip": [
"0.0.0.0"
],
"user": [
"johndoe",
"owner@test.com"
]
},
"source": {
"address": "0.0.0.0",
"ip": "0.0.0.0"
},
"user": {
"domain": "test.com",
"email": "johndoe@test.com",
"id": "11111",
"name": "johndoe",
"target": {
"email": "redacted"
}
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-03-13T11:24:59.810Z\",\"uniqueQualifier\":\"515960775816012389\",\"applicationName\":\"token\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0H\\\"\",\"actor\":{\"email\":\"JOHN.DOE@test.com\",\"profileId\":\"user1\"},\"ipAddress\":\"1.2.3.4\",\"events\":[{\"name\":\"authorize\",\"parameters\":[{\"name\":\"client_id\",\"value\":\"user1\"},{\"name\":\"app_name\",\"value\":\"Test Log Workspace\"},{\"name\":\"client_type\",\"value\":\"WEB\"},{\"name\":\"scope_data\",\"multiMessageValue\":[{\"parameter\":[{\"name\":\"scope_name\",\"value\":\"https://www.googleapis.com/auth/admin.reports.audit.readonly\"},{\"name\":\"product_bucket\",\"multiValue\":[\"GSUITE_ADMIN\"]}]},{\"parameter\":[{\"name\":\"scope_name\",\"value\":\"https://www.googleapis.com/auth/admin.reports.usage.readonly\"},{\"name\":\"product_bucket\",\"multiValue\":[\"GSUITE_ADMIN\"]}]}]},{\"name\":\"scope\",\"multiValue\":[\"https://www.googleapis.com/auth/admin.reports.audit.readonly\",\"https://www.googleapis.com/auth/admin.reports.usage.readonly\"]}]}]}",
"event": {
"action": "authorize",
"category": [
"authentication"
],
"dataset": "admin#reports#activity",
"outcome": "success",
"type": [
"start"
]
},
"@timestamp": "2024-03-13T11:24:59.810000Z",
"client": {
"user": {
"id": "user1"
}
},
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "JOHN.DOE@test.com"
},
"events": [
" [{'name': 'authorize', 'type': Undefined}]"
],
"parameters_all": [
{
"name": "client_id",
"value": "user1"
},
{
"name": "app_name",
"value": "Test Log Workspace"
},
{
"name": "client_type",
"value": "WEB"
},
{
"multiMessageValue": [
{
"parameter": [
{
"name": "scope_name",
"value": "https://www.googleapis.com/auth/admin.reports.audit.readonly"
},
{
"multiValue": [
"GSUITE_ADMIN"
],
"name": "product_bucket"
}
]
},
{
"parameter": [
{
"name": "scope_name",
"value": "https://www.googleapis.com/auth/admin.reports.usage.readonly"
},
{
"multiValue": [
"GSUITE_ADMIN"
],
"name": "product_bucket"
}
]
}
],
"name": "scope_data"
},
{
"multiValue": [
"https://www.googleapis.com/auth/admin.reports.audit.readonly",
"https://www.googleapis.com/auth/admin.reports.usage.readonly"
],
"name": "scope"
}
],
"token": {
"app_name": "Test Log Workspace",
"type": "WEB"
}
}
},
"network": {
"application": "token"
},
"related": {
"ip": [
"1.2.3.4"
],
"user": [
"JOHN.DOE"
]
},
"source": {
"address": "1.2.3.4",
"ip": "1.2.3.4"
},
"user": {
"domain": "test.com",
"email": "JOHN.DOE@test.com",
"id": "user1",
"name": "JOHN.DOE"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-03-13T11:25:23.391Z\",\"uniqueQualifier\":\"-38605878274\",\"applicationName\":\"token\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"BvGfkzKoKVD0NM7VdXdzkXDD-nHLkyMjheL_9Z5X0H0/t\\\"\",\"actor\":{\"email\":\"JOHN.DOE@test.com\",\"profileId\":\"user1\"},\"ipAddress\":\"1.1.1.1\",\"events\":[{\"type\":\"auth\",\"name\":\"activity\",\"parameters\":[{\"name\":\"api_name\",\"value\":\"admin\"},{\"name\":\"method_name\",\"value\":\"reports.activities.list\"},{\"name\":\"client_id\",\"value\":\"user1\"},{\"name\":\"num_response_bytes\",\"intValue\":\"7\"},{\"name\":\"product_bucket\",\"value\":\"GSUITE_ADMIN\"},{\"name\":\"app_name\",\"value\":\"Test Log Workspace\"},{\"name\":\"client_type\",\"value\":\"WEB\"}]}]}",
"event": {
"action": "activity",
"category": [
"authentication"
],
"dataset": "admin#reports#activity",
"type": [
"access",
"connection"
]
},
"@timestamp": "2024-03-13T11:25:23.391000Z",
"client": {
"user": {
"id": "user1"
}
},
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "JOHN.DOE@test.com"
},
"events": [
{
"name": "activity",
"type": "auth"
}
],
"parameters_all": [
{
"name": "api_name",
"value": "admin"
},
{
"name": "method_name",
"value": "reports.activities.list"
},
{
"name": "client_id",
"value": "user1"
},
{
"intValue": "7",
"name": "num_response_bytes"
},
{
"name": "product_bucket",
"value": "GSUITE_ADMIN"
},
{
"name": "app_name",
"value": "Test Log Workspace"
},
{
"name": "client_type",
"value": "WEB"
}
],
"token": {
"app_name": "Test Log Workspace",
"type": "WEB"
}
}
},
"network": {
"application": "token"
},
"related": {
"ip": [
"1.1.1.1"
],
"user": [
"JOHN.DOE"
]
},
"source": {
"address": "1.1.1.1",
"ip": "1.1.1.1"
},
"user": {
"domain": "test.com",
"email": "JOHN.DOE@test.com",
"id": "user1",
"name": "JOHN.DOE"
}
}
{
"message": "{\"kind\": \"admin#reports#activity\", \"id\": {\"time\": \"2026-01-06T11:21:54.304Z\", \"uniqueQualifier\": \"-123456\", \"applicationName\": \"user_accounts\", \"customerId\": \"REDACTED\"}, \"etag\": \"\\\"abc\\\"\", \"actor\": {\"callerType\": \"USER\", \"email\": \"john.doe@example.com\", \"profileId\": \"REDACTED\"}, \"ipAddress\": \"FE80:000:333:1111:7777:5555:6666:ddd\", \"networkInfo\": {\"ipAsn\": [12345], \"regionCode\": \"FR\", \"subdivisionCode\": \"FR-HDF\"}, \"events\": [{\"type\": \"email_forwarding_change\", \"name\": \"email_forwarding_out_of_domain\", \"parameters\": [{\"name\": \"email_forwarding_destination_address\", \"value\": \"jane.doe@example.net\"}], \"resourceIds\": [\"RESOURCE_ID1\"]}], \"resourceDetails\": [{\"id\": \"RESOURCE_ID1\", \"type\": \"USER\"}]}",
"event": {
"action": "email_forwarding_out_of_domain",
"dataset": "admin#reports#activity"
},
"@timestamp": "2026-01-06T11:21:54.304000Z",
"cloud": {
"account": {
"id": "REDACTED"
}
},
"email": {
"cc": {
"address": [
"jane.doe@example.net"
]
}
},
"google": {
"report": {
"actor": {
"email": "john.doe@example.com"
},
"events": [
{
"name": "email_forwarding_out_of_domain",
"type": "email_forwarding_change"
}
],
"parameters_all": [
{
"name": "email_forwarding_destination_address",
"value": "jane.doe@example.net"
}
]
}
},
"network": {
"application": "user_accounts"
},
"related": {
"ip": [
"fe80:0:333:1111:7777:5555:6666:ddd"
],
"user": [
"john.doe"
]
},
"source": {
"address": "fe80:0:333:1111:7777:5555:6666:ddd",
"ip": "fe80:0:333:1111:7777:5555:6666:ddd"
},
"user": {
"domain": "example.com",
"email": "john.doe@example.com",
"id": "REDACTED",
"name": "john.doe"
}
}
{
"message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-10-24T12:15:09.887Z\",\"uniqueQualifier\":\"38392508037850000000\",\"applicationName\":\"vault\",\"customerId\":\"ANONYMIZED\"},\"etag\":\"\\\"v9u8pSCZPl3C66fdSWYRyXweF216RQ7SWqFaenjlgO0/aMkDQ5g3000000000000000000000\\\"\",\"actor\":{\"callerType\":\"USER\",\"email\":\"redacted\",\"profileId\":\"user1\"},\"events\":[{\"type\":\"user_action\",\"name\":\"view_cross_matter_litigation_hold_report\"}]}",
"event": {
"action": "view_cross_matter_litigation_hold_report",
"dataset": "admin#reports#activity",
"type": [
"access"
]
},
"@timestamp": "2024-10-24T12:15:09.887000Z",
"cloud": {
"account": {
"id": "ANONYMIZED"
}
},
"google": {
"report": {
"actor": {
"email": "redacted"
},
"events": [
{
"name": "view_cross_matter_litigation_hold_report",
"type": "user_action"
}
],
"parameters_all": []
}
},
"network": {
"application": "vault"
},
"user": {
"id": "user1"
}
}
Extracted Fields
The following table lists the fields that the parser extracts, normalizes to the ECS format, analyzes and indexes. Inferred fields are not listed.
| Name | Type | Description |
|---|---|---|
| @timestamp | date | Date/time when the event originated. |
| client.geo.region_name | keyword | Region name. |
| client.user.id | keyword | Unique identifier of the user. |
| cloud.account.id | keyword | The cloud account or organization id. |
| destination.user.email | keyword | User email address. |
| email.cc.address | keyword | Email address of CC recipient |
| event.action | keyword | The action captured by the event. |
| event.category | keyword | Event category. The second categorization field in the hierarchy. |
| event.dataset | keyword | Name of the dataset. |
| event.outcome | keyword | The outcome of the event. The lowest level categorization field in the hierarchy. |
| event.reason | keyword | Reason why this event happened, according to the source |
| event.type | keyword | Event type. The third categorization field in the hierarchy. |
| file.gid | keyword | Primary group ID (GID) of the file. |
| file.name | keyword | Name of the file including the extension, without the directory. |
| file.owner | keyword | File owner's username. |
| file.type | keyword | File type (file, dir, or symlink). |
| google.report.access.application | keyword | Application name |
| google.report.actor.email | keyword | |
| google.report.boot_mode.new | keyword | New boot mode |
| google.report.boot_mode.old | keyword | Old boot mode |
| google.report.chat.message.id | keyword | Message id |
| google.report.chat.room.name | keyword | Room name |
| google.report.drive.new_classification | keyword | |
| google.report.drive.old_classification | keyword | |
| google.report.events | array | List of events |
| google.report.host.os.old_version | keyword | Previous OS version |
| google.report.login.failure.reason | keyword | Login failure reason |
| google.report.meet.code | keyword | Meet code |
| google.report.parameters.name | keyword | Name of the item associated with the activity |
| google.report.parameters.value | keyword | Value of the item associated with the activity |
| google.report.parameters.visibility | keyword | Visibility of the Drive item associated with the activity |
| google.report.parameters_all | array | Parameter value pairs for various applications |
| google.report.remove.user.reason | keyword | Remove user reason |
| google.report.rule.data_source | keyword | Data source |
| google.report.rule.name | keyword | Name of the rule |
| google.report.rule.scan_type | keyword | Scan type |
| google.report.rule.severity | keyword | Severity of the rule |
| google.report.rule.type | keyword | Rule type |
| google.report.saml.application_name | keyword | Saml SP application name |
| google.report.saml.initiator | keyword | SAML requester of saml authentication |
| google.report.saml.status_code | keyword | SAML response status |
| google.report.session.id | keyword | Session ID |
| google.report.token.app_name | keyword | Token authorization application name |
| google.report.token.type | keyword | Token type |
| host.name | keyword | Name of the host. |
| host.os.full | keyword | Operating system name, including the version or code name. |
| host.os.version | keyword | Operating system version as a raw string. |
| network.application | keyword | Application level protocol name. |
| network.transport | keyword | Protocol Name corresponding to the field iana_number. |
| organization.name | keyword | Organization name. |
| source.ip | ip | IP address of the source. |
| user.domain | keyword | Name of the directory the user is a member of. |
| user.email | keyword | User email address. |
| user.group.id | keyword | Unique identifier for the group on the system/platform. |
| user.id | keyword | Unique identifier of the user. |
| user.name | keyword | Short name or login of the user. |
| user.target.email | keyword | User email address. |
For more information on the Intake Format, please find the code of the Parser, Smart Descriptions, and Supported Events here.
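The sketch below is an added example, not part of the Sekoia.io parser or playbook. It shows how the normalized fields from the samples above (`network.application`, `event.action`, `google.report.parameters_all`) can be read for triage. The finding labels, function names and trimmed sample events are assumptions constructed for illustration.

```python
from collections import defaultdict


def flatten_parameters(event):
    """Map each name in google.report.parameters_all to the list of values seen.

    Names repeat when one activity carries several sub-events (the Drive
    sample has two), so values are accumulated instead of overwritten.
    """
    out = defaultdict(list)
    report = event.get("google", {}).get("report", {})
    for p in report.get("parameters_all", []):
        name = p.get("name")
        if "multiMessageValue" in p:
            # Nested messages are flattened to "outer.inner" keys.
            for msg in p["multiMessageValue"]:
                for inner in msg.get("parameter", []):
                    vals = inner.get("multiValue", [inner.get("value")])
                    out[f"{name}.{inner.get('name')}"].extend(vals)
        elif "multiValue" in p:
            out[name].extend(p["multiValue"])
        else:
            for key in ("value", "boolValue", "intValue"):
                if key in p:
                    out[name].append(p[key])
    return dict(out)


def triage(event):
    """Return (finding, detail) tuples for three review-worthy activities."""
    app = event.get("network", {}).get("application")
    action = event.get("event", {}).get("action", [])
    # event.action is a string for one sub-event and a list for several.
    actions = [action] if isinstance(action, str) else list(action)
    params = flatten_parameters(event)
    domain = event.get("user", {}).get("domain", "").lower()
    findings = []
    if app == "user_accounts" and "email_forwarding_out_of_domain" in actions:
        for dest in params.get("email_forwarding_destination_address", []):
            if dest.rsplit("@", 1)[-1].lower() != domain:
                findings.append(("external_forwarding", dest))
    if app == "drive" and "change_user_access" in actions:
        if "external" in params.get("visibility_change", []):
            findings.append(("external_share", params.get("doc_title", ["?"])[0]))
    if app == "rules" and "DLP" in params.get("rule_type", []):
        for act in params.get("triggered_actions.action_type", []):
            findings.append(("dlp_action", act))
    return findings


# Constructed events, trimmed from the samples above to the fields used here.
FORWARDING = {
    "event": {"action": "email_forwarding_out_of_domain"},
    "network": {"application": "user_accounts"},
    "user": {"domain": "example.com", "email": "john.doe@example.com"},
    "google": {"report": {"parameters_all": [
        {"name": "email_forwarding_destination_address",
         "value": "jane.doe@example.net"}]}},
}
DRIVE_SHARE = {
    "event": {"action": ["change_user_access", "edit"]},
    "network": {"application": "drive"},
    "user": {"domain": "test.com", "email": "johndoe@test.com"},
    "google": {"report": {"parameters_all": [
        {"boolValue": False, "name": "primary_event"},
        {"name": "doc_title", "value": "Doc Temp"},
        {"boolValue": True, "name": "primary_event"},
        {"name": "visibility_change", "value": "external"},
        {"multiValue": ["can_edit"], "name": "new_value"},
        {"name": "doc_title", "value": "Doc Temp"}]}},
}
DLP_MATCH = {
    "event": {"action": "action_complete"},
    "network": {"application": "rules"},
    "user": {"domain": "test.com", "email": "john.doe@test.com"},
    "google": {"report": {"parameters_all": [
        {"name": "rule_type", "value": "DLP"},
        {"multiMessageValue": [{"parameter": [
            {"name": "action_type", "value": "DRIVE_WARN_ON_EXTERNAL_SHARING"}]}],
         "name": "triggered_actions"}]}},
}

if __name__ == "__main__":
    for ev in (FORWARDING, DRIVE_SHARE, DLP_MATCH):
        print(ev["network"]["application"], triage(ev))
```

Because `parameters_all` merges the parameters of every sub-event in an activity, a lookup that keeps only one value per name would drop the second `primary_event` and `doc_id` of the Drive sample.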