Home
Pricing
Github
Slack Channel
Home
Quick Start
Development
Operations
User Guide
Destinations
Analysis
Tutorials
Help
Log Analysis
Overview
Setup
Rules
Supported Logs
Apache
AWS
Box
Cisco Umbrella
Cloudflare
Crowdstrike
Fastly
Fluentd
GCP
GitLab
Gravitational
GSuite
Juniper
Lacework
Nginx
Okta
OneLogin
Osquery
OSSEC
Slack
Suricata
Syslog
Zeek
Standard Fields
Cloud Security
Overview
Setup
Policies
Built-in Policy Runbooks
Automatic Remediation
Supported Resources
Enterprise
Overview
Data Analytics
SaaS Logs
Snowflake Integration
SAML/SSO Integration
Role-Based Access Control
Powered by GitBook

GSuite

Required fields are in bold.

GSuite.Reports

Contains the activity events for a specific account and application such as the Admin console application or the Google Drive application. Reference: https://developers.google.com/admin-sdk/reports/v1/reference/activities/list#response​

Column

Type

Description

id

{ "applicationName":string, "customerId":string, "time":timestamp, "uniqueQualifier":string }

Unique identifier for each activity record.

actor

{ "email":string, "profileId":string, "callerType":string, "key":string }

User doing the action.

kind

string

The type of API resource. For an activity report, the value is reports#activities.

ownerDomain

string

This is the domain that is affected by the report's event. For example domain of Admin console or the Drive application's document owner.

ipAddress

string

IP address of the user doing the action. This is the Internet Protocol (IP) address of the user when logging into G Suite which may or may not reflect the user's physical location. For example, the IP address can be the user's proxy server's address or a virtual private network (VPN) address. The API supports IPv4 and IPv6.

events

[{ "type":string, "name":string, "parameters":[{ "name":string, "value":string, "intValue":bigint, "boolValue":boolean, "multiValue":[string], "multiIntValue":[bigint], "messageValue":string, "multiMessageValue":[string] }] }]

Activity events in the report.

p_log_type

string

Panther added field with type of log

p_row_id

string

Panther added field with unique id (within table)

p_event_time

timestamp

Panther added standardize event time (UTC)

p_parse_time

timestamp

Panther added standardize log parse time (UTC)

p_source_id

string

Panther added field with the source id

p_source_label

string

Panther added field with the source label

p_any_ip_addresses

[string]

Panther added field with collection of ip addresses associated with the row

p_any_domain_names

[string]

Panther added field with collection of domain names associated with the row

p_any_sha1_hashes

[string]

Panther added field with collection of SHA1 hashes associated with the row

p_any_md5_hashes

[string]

Panther added field with collection of MD5 hashes associated with the row

p_any_sha256_hashes

[string]

Panther added field with collection of SHA256 hashes of any algorithm associated with the row

Previous
Gravitational
Next
Juniper
Last updated 11 seconds ago