This document lists the events and parameters for
various types of
Rules Audit activity events. You can retrieve these events by
calling Activities.list()
with applicationName=rules.
Action complete type
Audit event type which indicates action complete events.
Events of this type are returned with type=action_complete_type.
Action complete
Audit event indicating action complete event.
| Event details |
| Event name |
action_complete |
| Parameters |
access_level |
string
Label for a list of access levels.
|
actor_ip_address |
string
IP of the entity who was responsible for the original event which triggered the rule.
|
conference_id |
string
The unique identifier of a Google Meet conference.
|
data_source |
string
Source of the data.
Possible values:
ADMIN
Enum value of Admin data source.CALENDAR
Enum value of Calendar data source.CHAT
Enum value of Chat data source.CHROME
Enum value of Chrome data source.DEVICE
Enum value of Device data source.DRIVE
Enum value of Drive data source.GMAIL
Enum value of Gmail data source.GROUPS
Enum value of Groups data source.MEET
Enum value of Hangouts Meet data source.RULE
Enum value of Rule data source.USER
Enum value of User data source.VOICE
Enum value of Voice data source.
|
device_id |
string
ID of the device on which the action was triggered.
|
device_type |
string
Type of device referred to by device ID.
Possible values:
CHROME_BROWSER
Device type label when the device is a managed Chrome browser.CHROME_OS
Device type label when the device is a managed Chrome OS device.CHROME_PROFILE
Device type label when the device is a managed Chrome profile.
|
evaluation_context |
message
Evaluation metadata, such as contextual messages used in a rule evaluation.
|
has_alert |
boolean
Whether or not the triggered rule has alert enabled.
|
matched_detectors |
message
A list of detectors that matched against the resource.
|
matched_threshold |
string
Threshold that matched in the rule.
|
matched_trigger |
string
Trigger of the rule evaluation: email sent or received, document shared.
Possible values:
CALENDAR_EVENTS
Event label when the rule triggered because of a Calendar event.CHAT_ATTACHMENT_UPLOADED
Event label when the rule triggered because a Chat attachment containing sensitive info was uploaded.CHAT_MESSAGE_SENT
Event label when the rule triggered because a Chat message containing sensitive info was sent.CHROME_EVENTS
Event label when the rule triggered because of a Chrome event.CHROME_FILE_DOWNLOAD
Event label when the rule triggered because a file was downloaded.CHROME_FILE_UPLOAD
Event label when the rule triggered because a file was uploaded.CHROME_WEB_CONTENT_UPLOAD
Event label when the rule triggered because web content was uploaded.DEVICE_EVENTS
Event label when the rule triggered because of a Device event.DRIVE_EVENTS
Event label when the rule triggered because of a Drive event.DRIVE_SHARE
Event label when the rule triggered because a file was shared.GMAIL_EVENTS
Event label when the rule triggered because of a Gmail event.GROUPS_EVENTS
Event label when the rule triggered because of a Groups event.MAIL_BEING_RECEIVED
Event label when the rule triggered because a message was received.MAIL_BEING_SENT
Event label when the rule triggered because a message was sent.MEET_EVENTS
Event label when the rule triggered because of a Meet event.OAUTH_EVENTS
Event label when the rule triggered because of an OAuth event.USER_EVENTS
Event label when the rule triggered because of a User event.VOICE_EVENTS
Event label when the rule triggered because of a Voice event.
|
resource_id |
string
Identifier of the resource which matched the rule.
|
resource_owner_email |
string
Email address of the owner of the resource.
|
resource_recipients |
string
A list of users that a Drive document or an email message was shared with when the rule was triggered.
|
resource_recipients_omitted_count |
integer
The number of resource recipients omitted due to exceeding the size limit.
|
resource_title |
string
Title of the resource which matched the rule: email subject, or document title.
|
resource_type |
string
Type of the resource which matched the rule.
Possible values:
CHAT_ATTACHMENT
Chat attachment resource type.CHAT_MESSAGE
Chat message resource type.DEVICE
Device resource type.DOCUMENT
Document resource type.EMAIL
Email resource type.USER
User resource type.
|
rule_name |
string
Name of the rule.
|
rule_resource_name |
string
Resource name that uniquely identifies a rule.
|
rule_type |
string
Type of the rule.
Possible values:
ACTIVITY_RULE
Activity rule type.DLP
Data Loss Prevention (DLP) rule type.
|
scan_type |
string
Scan mode for the rule evaluation.
Possible values:
CHAT_SCAN_CONTENT_BEFORE_SEND
Scan type that stands for scanning Chat content before sending it out.DRIVE_OFFLINE_SCAN
Scan type that stands for evaluating rules that were updated on all Drive items.DRIVE_ONLINE_SCAN
Scan type that stands for evaluating rules on a single Drive item that was changed.
|
severity |
string
Severity of violating a rule.
Possible values:
HIGH
Severity of violating the rule is high.LOW
Severity of violating the rule is low.MEDIUM
Severity of violating the rule is medium.
|
space_id |
string
ID of the space where the rule was triggered.
|
space_type |
string
Type of space referred to by the space ID.
Possible values:
CHAT_DIRECT_MESSAGE
Space type label when the space is a Chat direct message.CHAT_EXTERNALLY_OWNED
Space type label when the conversation is owned by an external organization.CHAT_GROUP
Space type label when the space is a Chat group.CHAT_ROOM
Space type label when the space is a Chat room.
|
suppressed_actions |
message
A list of actions that were not taken due to other actions with higher priority.
|
triggered_actions |
message
A list of actions that were taken as a consequence of the rule being triggered.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/rules?eventName=action_complete&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Action completed
|
Label applied type
Audit event type which indicates label applied events.
Events of this type are returned with type=label_applied_type.
Label applied
Audit event indicating label applied events.
| Event details |
| Event name |
label_applied |
| Parameters |
actor_ip_address |
string
IP of the entity who was responsible for the original event which triggered the rule.
|
conference_id |
string
The unique identifier of a Google Meet conference.
|
data_source |
string
Source of the data.
Possible values:
ADMIN
Enum value of Admin data source.CALENDAR
Enum value of Calendar data source.CHAT
Enum value of Chat data source.CHROME
Enum value of Chrome data source.DEVICE
Enum value of Device data source.DRIVE
Enum value of Drive data source.GMAIL
Enum value of Gmail data source.GROUPS
Enum value of Groups data source.MEET
Enum value of Hangouts Meet data source.RULE
Enum value of Rule data source.USER
Enum value of User data source.VOICE
Enum value of Voice data source.
|
device_id |
string
ID of the device on which the action was triggered.
|
device_type |
string
Type of device referred to by device ID.
Possible values:
CHROME_BROWSER
Device type label when the device is a managed Chrome browser.CHROME_OS
Device type label when the device is a managed Chrome OS device.CHROME_PROFILE
Device type label when the device is a managed Chrome profile.
|
evaluation_context |
message
Evaluation metadata, such as contextual messages used in a rule evaluation.
|
has_alert |
boolean
Whether or not the triggered rule has alert enabled.
|
label_title |
string
Title of the label to which the item belongs.
|
matched_detectors |
message
A list of detectors that matched against the resource.
|
matched_threshold |
string
Threshold that matched in the rule.
|
matched_trigger |
string
Trigger of the rule evaluation: email sent or received, document shared.
Possible values:
CALENDAR_EVENTS
Event label when the rule triggered because of a Calendar event.CHAT_ATTACHMENT_UPLOADED
Event label when the rule triggered because a Chat attachment containing sensitive info was uploaded.CHAT_MESSAGE_SENT
Event label when the rule triggered because a Chat message containing sensitive info was sent.CHROME_EVENTS
Event label when the rule triggered because of a Chrome event.CHROME_FILE_DOWNLOAD
Event label when the rule triggered because a file was downloaded.CHROME_FILE_UPLOAD
Event label when the rule triggered because a file was uploaded.CHROME_WEB_CONTENT_UPLOAD
Event label when the rule triggered because web content was uploaded.DEVICE_EVENTS
Event label when the rule triggered because of a Device event.DRIVE_EVENTS
Event label when the rule triggered because of a Drive event.DRIVE_SHARE
Event label when the rule triggered because a file was shared.GMAIL_EVENTS
Event label when the rule triggered because of a Gmail event.GROUPS_EVENTS
Event label when the rule triggered because of a Groups event.MAIL_BEING_RECEIVED
Event label when the rule triggered because a message was received.MAIL_BEING_SENT
Event label when the rule triggered because a message was sent.MEET_EVENTS
Event label when the rule triggered because of a Meet event.OAUTH_EVENTS
Event label when the rule triggered because of an OAuth event.USER_EVENTS
Event label when the rule triggered because of a User event.VOICE_EVENTS
Event label when the rule triggered because of a Voice event.
|
resource_id |
string
Identifier of the resource which matched the rule.
|
resource_owner_email |
string
Email address of the owner of the resource.
|
resource_recipients |
string
A list of users that a Drive document or an email message was shared with when the rule was triggered.
|
resource_recipients_omitted_count |
integer
The number of resource recipients omitted due to exceeding the size limit.
|
resource_title |
string
Title of the resource which matched the rule: email subject, or document title.
|
resource_type |
string
Type of the resource which matched the rule.
Possible values:
CHAT_ATTACHMENT
Chat attachment resource type.CHAT_MESSAGE
Chat message resource type.DEVICE
Device resource type.DOCUMENT
Document resource type.EMAIL
Email resource type.USER
User resource type.
|
rule_name |
string
Name of the rule.
|
rule_resource_name |
string
Resource name that uniquely identifies a rule.
|
rule_type |
string
Type of the rule.
Possible values:
ACTIVITY_RULE
Activity rule type.DLP
Data Loss Prevention (DLP) rule type.
|
scan_type |
string
Scan mode for the rule evaluation.
Possible values:
CHAT_SCAN_CONTENT_BEFORE_SEND
Scan type that stands for scanning Chat content before sending it out.DRIVE_OFFLINE_SCAN
Scan type that stands for evaluating rules that were updated on all Drive items.DRIVE_ONLINE_SCAN
Scan type that stands for evaluating rules on a single Drive item that was changed.
|
severity |
string
Severity of violating a rule.
Possible values:
HIGH
Severity of violating the rule is high.LOW
Severity of violating the rule is low.MEDIUM
Severity of violating the rule is medium.
|
space_id |
string
ID of the space where the rule was triggered.
|
space_type |
string
Type of space referred to by the space ID.
Possible values:
CHAT_DIRECT_MESSAGE
Space type label when the space is a Chat direct message.CHAT_EXTERNALLY_OWNED
Space type label when the conversation is owned by an external organization.CHAT_GROUP
Space type label when the space is a Chat group.CHAT_ROOM
Space type label when the space is a Chat room.
|
suppressed_actions |
message
A list of actions that were not taken due to other actions with higher priority.
|
triggered_actions |
message
A list of actions that were taken as a consequence of the rule being triggered.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/rules?eventName=label_applied&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
DLP Rule applied Label {label_title}.
|
Label field value changed type
Audit event type which indicates label field value changed events.
Events of this type are returned with type=label_field_value_changed_type.
Label field value changed
Audit event indicating label field value changed event.
| Event details |
| Event name |
label_field_value_changed |
| Parameters |
actor_ip_address |
string
IP of the entity who was responsible for the original event which triggered the rule.
|
conference_id |
string
The unique identifier of a Google Meet conference.
|
data_source |
string
Source of the data.
Possible values:
ADMIN
Enum value of Admin data source.CALENDAR
Enum value of Calendar data source.CHAT
Enum value of Chat data source.CHROME
Enum value of Chrome data source.DEVICE
Enum value of Device data source.DRIVE
Enum value of Drive data source.GMAIL
Enum value of Gmail data source.GROUPS
Enum value of Groups data source.MEET
Enum value of Hangouts Meet data source.RULE
Enum value of Rule data source.USER
Enum value of User data source.VOICE
Enum value of Voice data source.
|
device_id |
string
ID of the device on which the action was triggered.
|
device_type |
string
Type of device referred to by device ID.
Possible values:
CHROME_BROWSER
Device type label when the device is a managed Chrome browser.CHROME_OS
Device type label when the device is a managed Chrome OS device.CHROME_PROFILE
Device type label when the device is a managed Chrome profile.
|
evaluation_context |
message
Evaluation metadata, such as contextual messages used in a rule evaluation.
|
has_alert |
boolean
Whether or not the triggered rule has alert enabled.
|
label_field |
string
Field of the label to which the item belongs.
|
label_title |
string
Title of the label to which the item belongs.
|
matched_detectors |
message
A list of detectors that matched against the resource.
|
matched_threshold |
string
Threshold that matched in the rule.
|
matched_trigger |
string
Trigger of the rule evaluation: email sent or received, document shared.
Possible values:
CALENDAR_EVENTS
Event label when the rule triggered because of a Calendar event.CHAT_ATTACHMENT_UPLOADED
Event label when the rule triggered because a Chat attachment containing sensitive info was uploaded.CHAT_MESSAGE_SENT
Event label when the rule triggered because a Chat message containing sensitive info was sent.CHROME_EVENTS
Event label when the rule triggered because of a Chrome event.CHROME_FILE_DOWNLOAD
Event label when the rule triggered because a file was downloaded.CHROME_FILE_UPLOAD
Event label when the rule triggered because a file was uploaded.CHROME_WEB_CONTENT_UPLOAD
Event label when the rule triggered because web content was uploaded.DEVICE_EVENTS
Event label when the rule triggered because of a Device event.DRIVE_EVENTS
Event label when the rule triggered because of a Drive event.DRIVE_SHARE
Event label when the rule triggered because a file was shared.GMAIL_EVENTS
Event label when the rule triggered because of a Gmail event.GROUPS_EVENTS
Event label when the rule triggered because of a Groups event.MAIL_BEING_RECEIVED
Event label when the rule triggered because a message was received.MAIL_BEING_SENT
Event label when the rule triggered because a message was sent.MEET_EVENTS
Event label when the rule triggered because of a Meet event.OAUTH_EVENTS
Event label when the rule triggered because of an OAuth event.USER_EVENTS
Event label when the rule triggered because of a User event.VOICE_EVENTS
Event label when the rule triggered because of a Voice event.
|
new_value |
string
New value.
|
old_value |
string
Old value.
|
resource_id |
string
Identifier of the resource which matched the rule.
|
resource_owner_email |
string
Email address of the owner of the resource.
|
resource_recipients |
string
A list of users that a Drive document or an email message was shared with when the rule was triggered.
|
resource_recipients_omitted_count |
integer
The number of resource recipients omitted due to exceeding the size limit.
|
resource_title |
string
Title of the resource which matched the rule: email subject, or document title.
|
resource_type |
string
Type of the resource which matched the rule.
Possible values:
CHAT_ATTACHMENT
Chat attachment resource type.CHAT_MESSAGE
Chat message resource type.DEVICE
Device resource type.DOCUMENT
Document resource type.EMAIL
Email resource type.USER
User resource type.
|
rule_name |
string
Name of the rule.
|
rule_resource_name |
string
Resource name that uniquely identifies a rule.
|
rule_type |
string
Type of the rule.
Possible values:
ACTIVITY_RULE
Activity rule type.DLP
Data Loss Prevention (DLP) rule type.
|
scan_type |
string
Scan mode for the rule evaluation.
Possible values:
CHAT_SCAN_CONTENT_BEFORE_SEND
Scan type that stands for scanning Chat content before sending it out.DRIVE_OFFLINE_SCAN
Scan type that stands for evaluating rules that were updated on all Drive items.DRIVE_ONLINE_SCAN
Scan type that stands for evaluating rules on a single Drive item that was changed.
|
severity |
string
Severity of violating a rule.
Possible values:
HIGH
Severity of violating the rule is high.LOW
Severity of violating the rule is low.MEDIUM
Severity of violating the rule is medium.
|
space_id |
string
ID of the space where the rule was triggered.
|
space_type |
string
Type of space referred to by the space ID.
Possible values:
CHAT_DIRECT_MESSAGE
Space type label when the space is a Chat direct message.CHAT_EXTERNALLY_OWNED
Space type label when the conversation is owned by an external organization.CHAT_GROUP
Space type label when the space is a Chat group.CHAT_ROOM
Space type label when the space is a Chat room.
|
suppressed_actions |
message
A list of actions that were not taken due to other actions with higher priority.
|
triggered_actions |
message
A list of actions that were taken as a consequence of the rule being triggered.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/rules?eventName=label_field_value_changed&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
DLP Rule changed the value of field {label_field} (Label: {label_title}) from '{old_value}' to '{new_value}'.
|
Label removed type
Audit event type which indicates label removed events.
Events of this type are returned with type=label_removed_type.
Label removed
Audit event indicating label removed event.
| Event details |
| Event name |
label_removed |
| Parameters |
actor_ip_address |
string
IP of the entity who was responsible for the original event which triggered the rule.
|
conference_id |
string
The unique identifier of a Google Meet conference.
|
data_source |
string
Source of the data.
Possible values:
ADMIN
Enum value of Admin data source.CALENDAR
Enum value of Calendar data source.CHAT
Enum value of Chat data source.CHROME
Enum value of Chrome data source.DEVICE
Enum value of Device data source.DRIVE
Enum value of Drive data source.GMAIL
Enum value of Gmail data source.GROUPS
Enum value of Groups data source.MEET
Enum value of Hangouts Meet data source.RULE
Enum value of Rule data source.USER
Enum value of User data source.VOICE
Enum value of Voice data source.
|
device_id |
string
ID of the device on which the action was triggered.
|
device_type |
string
Type of device referred to by device ID.
Possible values:
CHROME_BROWSER
Device type label when the device is a managed Chrome browser.CHROME_OS
Device type label when the device is a managed Chrome OS device.CHROME_PROFILE
Device type label when the device is a managed Chrome profile.
|
evaluation_context |
message
Evaluation metadata, such as contextual messages used in a rule evaluation.
|
has_alert |
boolean
Whether or not the triggered rule has alert enabled.
|
label_title |
string
Title of the label to which the item belongs.
|
matched_detectors |
message
A list of detectors that matched against the resource.
|
matched_threshold |
string
Threshold that matched in the rule.
|
matched_trigger |
string
Trigger of the rule evaluation: email sent or received, document shared.
Possible values:
CALENDAR_EVENTS
Event label when the rule triggered because of a Calendar event.CHAT_ATTACHMENT_UPLOADED
Event label when the rule triggered because a Chat attachment containing sensitive info was uploaded.CHAT_MESSAGE_SENT
Event label when the rule triggered because a Chat message containing sensitive info was sent.CHROME_EVENTS
Event label when the rule triggered because of a Chrome event.CHROME_FILE_DOWNLOAD
Event label when the rule triggered because a file was downloaded.CHROME_FILE_UPLOAD
Event label when the rule triggered because a file was uploaded.CHROME_WEB_CONTENT_UPLOAD
Event label when the rule triggered because web content was uploaded.DEVICE_EVENTS
Event label when the rule triggered because of a Device event.DRIVE_EVENTS
Event label when the rule triggered because of a Drive event.DRIVE_SHARE
Event label when the rule triggered because a file was shared.GMAIL_EVENTS
Event label when the rule triggered because of a Gmail event.GROUPS_EVENTS
Event label when the rule triggered because of a Groups event.MAIL_BEING_RECEIVED
Event label when the rule triggered because a message was received.MAIL_BEING_SENT
Event label when the rule triggered because a message was sent.MEET_EVENTS
Event label when the rule triggered because of a Meet event.OAUTH_EVENTS
Event label when the rule triggered because of an OAuth event.USER_EVENTS
Event label when the rule triggered because of a User event.VOICE_EVENTS
Event label when the rule triggered because of a Voice event.
|
resource_id |
string
Identifier of the resource which matched the rule.
|
resource_owner_email |
string
Email address of the owner of the resource.
|
resource_recipients |
string
A list of users that a Drive document or an email message was shared with when the rule was triggered.
|
resource_recipients_omitted_count |
integer
The number of resource recipients omitted due to exceeding the size limit.
|
resource_title |
string
Title of the resource which matched the rule: email subject, or document title.
|
resource_type |
string
Type of the resource which matched the rule.
Possible values:
CHAT_ATTACHMENT
Chat attachment resource type.CHAT_MESSAGE
Chat message resource type.DEVICE
Device resource type.DOCUMENT
Document resource type.EMAIL
Email resource type.USER
User resource type.
|
rule_name |
string
Name of the rule.
|
rule_resource_name |
string
Resource name that uniquely identifies a rule.
|
rule_type |
string
Type of the rule.
Possible values:
ACTIVITY_RULE
Activity rule type.DLP
Data Loss Prevention (DLP) rule type.
|
scan_type |
string
Scan mode for the rule evaluation.
Possible values:
CHAT_SCAN_CONTENT_BEFORE_SEND
Scan type that stands for scanning Chat content before sending it out.DRIVE_OFFLINE_SCAN
Scan type that stands for evaluating rules that were updated on all Drive items.DRIVE_ONLINE_SCAN
Scan type that stands for evaluating rules on a single Drive item that was changed.
|
severity |
string
Severity of violating a rule.
Possible values:
HIGH
Severity of violating the rule is high.LOW
Severity of violating the rule is low.MEDIUM
Severity of violating the rule is medium.
|
space_id |
string
ID of the space where the rule was triggered.
|
space_type |
string
Type of space referred to by the space ID.
Possible values:
CHAT_DIRECT_MESSAGE
Space type label when the space is a Chat direct message.CHAT_EXTERNALLY_OWNED
Space type label when the conversation is owned by an external organization.CHAT_GROUP
Space type label when the space is a Chat group.CHAT_ROOM
Space type label when the space is a Chat room.
|
suppressed_actions |
message
A list of actions that were not taken due to other actions with higher priority.
|
triggered_actions |
message
A list of actions that were taken as a consequence of the rule being triggered.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/rules?eventName=label_removed&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
DLP Rule removed Label {label_title}.
|
Rule Match Type
Audit event type which inidicates rule matching events.
Events of this type are returned with type=rule_match_type.
Rule Match
Audit event indicating rule match event.
| Event details |
| Event name |
rule_match |
| Parameters |
actions |
string
List of actions taken.
Possible values:
AccountWipeMobileDevice
Account wipe mobile device action name.ApproveMobileDevice
Approve mobile device action name.BlockMobileDevice
Block mobile device action name.FlagDocument
Action which indicates that the item was flagged.SendNotification
Action which indicates that notification was sent.UnflagDocument
Action which indicates that the item was unflagged.
|
application |
string
Name of the application to which the flagged item belongs.
Possible values:
drive
Application name for Google Drive.mobile
Device Management app.
|
drive_shared_drive_id |
string
Shared drive Id to which the drive item belongs, if applicable.
|
has_content_match |
boolean
Whether the resource has content which matches the criteria in the rule.
Possible values:
false
Boolean whose value is false.true
Boolean whose value is true.
|
matched_templates |
string
List of content detector templates that matched.
|
mobile_device_type |
string
Type of device on which rule was applied.
|
mobile_ios_vendor_id |
string
iOS Vendor Id of device on which rule was applied, if applicable.
|
resource_id |
string
Identifier of the resource which matched the rule.
|
resource_name |
string
Name of the resource which matched the rule.
|
resource_owner_email |
string
Email address of the owner of the resource.
|
rule_id |
integer
Unique identifier for a rule. Rules are created by admins in Google Workspace.
|
rule_name |
string
Name of the rule.
|
rule_update_time_usec |
integer
Update time (microseconds since epoch) indicating the version of rule which is used.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/rules?eventName=rule_match&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Rule matched
|
Rule trigger type
Audit event type which indicates rule triggered events.
Events of this type are returned with type=rule_trigger_type.
Rule trigger
Audit event indicating rule triggered event.
| Event details |
| Event name |
rule_trigger |
| Parameters |
data_source |
string
Source of the data.
Possible values:
ADMIN
Enum value of Admin data source.CALENDAR
Enum value of Calendar data source.CHAT
Enum value of Chat data source.CHROME
Enum value of Chrome data source.DEVICE
Enum value of Device data source.DRIVE
Enum value of Drive data source.GMAIL
Enum value of Gmail data source.GROUPS
Enum value of Groups data source.MEET
Enum value of Hangouts Meet data source.RULE
Enum value of Rule data source.USER
Enum value of User data source.VOICE
Enum value of Voice data source.
|
matched_threshold |
string
Threshold that matched in the rule.
|
matched_trigger |
string
Trigger of the rule evaluation: email sent or received, document shared.
Possible values:
CALENDAR_EVENTS
Event label when the rule triggered because of a Calendar event.CHAT_ATTACHMENT_UPLOADED
Event label when the rule triggered because a Chat attachment containing sensitive info was uploaded.CHAT_MESSAGE_SENT
Event label when the rule triggered because a Chat message containing sensitive info was sent.CHROME_EVENTS
Event label when the rule triggered because of a Chrome event.CHROME_FILE_DOWNLOAD
Event label when the rule triggered because a file was downloaded.CHROME_FILE_UPLOAD
Event label when the rule triggered because a file was uploaded.CHROME_WEB_CONTENT_UPLOAD
Event label when the rule triggered because web content was uploaded.DEVICE_EVENTS
Event label when the rule triggered because of a Device event.DRIVE_EVENTS
Event label when the rule triggered because of a Drive event.DRIVE_SHARE
Event label when the rule triggered because a file was shared.GMAIL_EVENTS
Event label when the rule triggered because of a Gmail event.GROUPS_EVENTS
Event label when the rule triggered because of a Groups event.MAIL_BEING_RECEIVED
Event label when the rule triggered because a message was received.MAIL_BEING_SENT
Event label when the rule triggered because a message was sent.MEET_EVENTS
Event label when the rule triggered because of a Meet event.OAUTH_EVENTS
Event label when the rule triggered because of an OAuth event.USER_EVENTS
Event label when the rule triggered because of a User event.VOICE_EVENTS
Event label when the rule triggered because of a Voice event.
|
rule_name |
string
Name of the rule.
|
rule_resource_name |
string
Resource name that uniquely identifies a rule.
|
rule_type |
string
Type of the rule.
Possible values:
ACTIVITY_RULE
Activity rule type.DLP
Data Loss Prevention (DLP) rule type.
|
severity |
string
Severity of violating a rule.
Possible values:
HIGH
Severity of violating the rule is high.LOW
Severity of violating the rule is low.MEDIUM
Severity of violating the rule is medium.
|
triggered_actions |
message
A list of actions that were taken as a consequence of the rule being triggered.
|
|
| Sample request |
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/rules?eventName=rule_trigger&maxResults=10&access_token=YOUR_ACCESS_TOKEN
|
| Admin Console message format |
Rule triggered
|
