Week 30, 2022

New Features

πŸ’¬ Free Text Search In Activity

User activity can now be searched with free text for all available information. This new feature speeds up threat investigations by an order of magnitude, enabling SOC and security analysts to find pertinent information much faster during any threat investigation.

πŸ“₯ Download User Activity

You can now download the activity of any user into a convenient .csv file. The downloaded file comes populated with post-filter information, so once you zero in on the criteria or filter out any information that might not be relevant to your identity threat investigation, your download will be full of β€œjust the facts, ma’am.”

πŸ—“ Custom Date Ranges

You can now apply a custom date range to any user activity. This is in addition to existing presets for 1 hour, 4 hour, 1 day, 2 days, 3 days, 7 days, 15 days, and 30 days. This is useful when the boss calls and says β€œget me Bob’s authentication history from July 4th through the 7th.”

**NEW** Identity Security Checks:

βœ… Users with New Email Forwarding Rule

We have a new check for data leak prevention (DLP) that alerts on users who have set up email forwarding from their corporate Google Workspace account. For insider threat detection, the presence of an email forwarding rule is a leading indicator of risk, especially when it’s set to forward to a non-corporate or external email account.

Last updated