Google is adding a new rule type to the security center that will help G Suite admins and analysts automate security management tasks and improve their organization's security posture. Specifically, with these updates you can now:
- Create Activity Rules, which are automated rules based on log events within the security center investigation tool.
- Configure Activity Rules to create alerts or perform remediation actions.
- See specific log entries showing when Activity Rules got triggered, what actions were taken, what entities were affected, and more.
- Put Activity Rules in monitor mode to test setup and effectiveness before implementation.
- See Activity Rules in the rules list at Admin console > Security > Security rules.
- Get informed of and investigate rule triggers through alert center alerts.
Why you’d use it
The security center is a powerful tool to help admins and analysts identify, investigate, and remediate security issues. However, we’ve also heard that it is important to be able to automate detection and remediation in order to decrease the time it takes to address issues after they occur.
This launch will make it easier to set up alerts, automate remediation actions, and understand the function and impact of rules, all while reducing the manual effort needed from admins.
How to get started
- Use our Help Center to learn more about the security center and how to use the investigation tool.
- Use our Help Center to learn more about creating activity rules with the investigation tool and viewing and managing security rules.
- End users: No action needed.
Create and configure rules within the security center investigation tool.
Google has added the ability to create and configure Activity Rules within the security center investigation tool. Activity Rules can be based on any log event query in the investigation tool, and can run and perform remediation actions automatically. This works much like the rules you may already create today to perform data loss prevention (DLP) for Gmail and Drive. Google has also added the ability to turn rules on or off when searching for a rule, or for the audit logs from a rule, in the investigation tool.
See specific log entries with details on rule trigger events.
After an Activity Rule is created, we’ll record and show more specific log entries. The entries will include when the rule got triggered, what actions were taken when the rule was triggered, what entities were affected, and the result of those actions. For example, when a rule marks an email as spam, we will record an audit event that shows you exactly what happened and which condition within the rule was triggered. These logs will improve investigation capabilities, help admins to create effective rules, and make it easier to identify outdated rules.
Test Activity Rules with monitor mode before real implementation.
You can also put Activity Rules in monitor mode. While a rule is in monitor mode, its triggered actions will not actually be executed, and alerts won't be sent to the alert center. Logs, however, will still record what the rule would have done if it were in active mode. This can help you assess rule effectiveness without worrying about potential negative impacts. When you’re ready, you can simply switch the rule to active mode.
See and manage rules in the rules list.
Rules set up in the security center will also show alongside other rules in the Admin console security rules list at Admin console > Security > Security Rules.
See rule triggers in the alert center.
You’ll be able to see and investigate these rule-based alerts in the alert center.
- Help Center: About the security center
- Help Center: About the security investigation tool
- Help Center: Create activity rules with the investigation tool
- Rapid Release domains: Gradual rollout (up to 15 days for feature visibility) starting on October 29, 2019.
- Scheduled Release domains: Gradual rollout (up to 15 days for feature visibility) starting on October 29, 2019.
G Suite editions
- The security center is available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium.
- The security center is not available to G Suite Basic, G Suite Business, G Suite for Education, and G Suite for Nonprofits.
On/off by default?
This feature will be ON by default.
G Suite Free Trial
You can sign up for the free trial of G Suite in minutes and create accounts for up to 10 people on your team free for 14 days. But when you register through Coolhead Tech, we are offering an exclusive 30 Day Free Trial of G Suite Business. There is no commitment to purchase the service and you can use a full range of G Suite features to see if it fits your needs.
Sign-up here: https://www.coolheadtech.com/gsuite-free-trial
Your G Suite trial is limited to 10 users. To add more than 10 users, you must set up billing. When you add an 11th user, you are prompted to end your trial and your paid subscription begins for all users.
Your paid subscription automatically begins when your trial ends.
If your trial period ends and you haven’t set up billing, you'll receive an email that your G Suite account is suspended.
G Suite Basic is just $6/user/month and G Suite Business is $12/user/month.
Some good promo codes are available here: https://www.coolheadtech.com/blog/verified-promo-codes-for-g-suite