Admins only
The security center is a powerful tool to help admins and analysts identify, investigate, and remediate security issues. However, we’ve also heard that it is important to be able to automate detection and remediation in order to decrease the time it takes to address issues after they occur.
This launch will make it easier to set up alerts, automate remediation actions, and understand the function and impact of rules, all while reducing the manual effort needed from admins.
Create and configure rules within the security center investigation tool.
Google have added the ability to create and configure Activity Rules within the security center investigation tool. Activity Rules can be based on any log event query in the investigation tool, and can run and perform remediation actions automatically. This will function in a similar way to how you may create rules today to perform data loss prevention (DLP) for Gmail and Drive. They have also added the ability to turn rules on or off when searching for a rule or the audit logs from a rule in the investigation tool.
See specific log entries with details on rule trigger events.
After an Activity Rule is created, we’ll record and show more specific log entries. The entries will include when the rule was triggered, what actions were taken, what entities were affected, and the result of those actions. For example, when a rule marks an email as spam, we will record an audit event that shows you exactly what happened and which condition within the rule was triggered. These logs will improve investigation capabilities, help admins to create effective rules, and make it easier to identify outdated rules.
Test Activity Rules with monitor mode before real implementation.
You can also put Activity Rules in monitor mode. While a rule is in monitor mode, its triggered actions will not actually be executed, and alerts won't be sent to the alert center. Logs, however, will still record what the rule would have done if it were in active mode. This can help you assess rule effectiveness without worrying about potential negative impacts. When you’re ready, you can simply switch the rule to active mode.
See and manage rules in the rules list.
Rules set up in the security center will also show alongside other rules in the Admin console security rules list at Admin console > Security > Security Rules.
See rule triggers in the alert center.
You’ll be able to see and investigate these rule-based alerts in the alert center.
Rollout details
G Suite editions
On/off by default?
This feature will be ON by default.
You can sign up for the free trial of G Suite in minutes and create accounts for up to 10 people on your team free for 14 days. But when you register through Coolhead Tech, we are offering an exclusive 30 Day Free Trial of G Suite Business. There is no commitment to purchase the service and you can use a full range of G Suite features to see if it fits your needs.
Sign-up here: https://www.coolheadtech.com/gsuite-free-trial
Your G Suite trial is limited to 10 users. To add more than 10 users, you must set up billing. When you add an 11th user, you are prompted to end your trial and your paid subscription begins for all users.
Your paid subscription automatically begins when your trial ends.
If your trial period ends and you haven’t set up billing, you'll receive an email that your G Suite account is suspended.
https://support.google.com/a/answer/2633430
G Suite Basic is just $6/user/month and G Suite Business is $12/user/month.
Some good promo codes are available here: https://www.coolheadtech.com/blog/verified-promo-codes-for-g-suite