GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=2sv_disable&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} has disabled 2-step verification
两步验证注册
活动详情
事件名称
2sv_enroll
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=2sv_enroll&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} has enrolled for 2-step verification
账号密码已更改
系统会使用 type=password_change 返回此类事件。
账号密码更改
活动详情
事件名称
password_edit
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=password_edit&maxResults=10&access_token=YOUR_ACCESS_TOKEN
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=recovery_email_edit&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} has changed Account recovery email
账号恢复辅助电话号码更改
活动详情
事件名称
recovery_phone_edit
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=recovery_phone_edit&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} has changed Account recovery phone
账号恢复保密问题/答案更改
活动详情
事件名称
recovery_secret_qa_edit
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=recovery_secret_qa_edit&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} has changed Account recovery secret question/answer
账号警告
账号警告事件类型。
系统会使用 type=account_warning 返回此类事件。
密码泄露
账号警告事件“账号已停用,密码泄露”说明。
活动详情
事件名称
account_disabled_password_leak
参数
affected_email_address
string
受事件影响的用户的电子邮件 ID。
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=account_disabled_password_leak&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
Account {affected_email_address} disabled because Google has become aware that someone else knows its password
已注册通行密钥
用户注册的通行密钥。
活动详情
事件名称
passkey_enrolled
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=passkey_enrolled&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} enrolled a new passkey
移除了通行密钥
通行密钥已被用户移除。
活动详情
事件名称
passkey_removed
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=passkey_removed&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} removed passkey
已阻止可疑登录
账号警告事件“可疑登录”说明。
活动详情
事件名称
suspicious_login
参数
affected_email_address
string
受事件影响的用户的电子邮件 ID。
login_timestamp
integer
账号警告事件的登录时间(以微秒为单位)。
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=suspicious_login&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
Google has detected a suspicious login for {affected_email_address}
已阻止使用安全性较低的应用进行的可疑登录
账号警告事件“使用安全性较低的应用进行的可疑登录”说明。
活动详情
事件名称
suspicious_login_less_secure_app
参数
affected_email_address
string
受事件影响的用户的电子邮件 ID。
login_timestamp
integer
账号警告事件的登录时间(以微秒为单位)。
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=suspicious_login_less_secure_app&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
Google has detected a suspicious login for {affected_email_address} from a less secure app
阻止了通过程序化方式进行的可疑登录
账号警告事件“可疑的程序化登录”说明。
活动详情
事件名称
suspicious_programmatic_login
参数
affected_email_address
string
受事件影响的用户的电子邮件 ID。
login_timestamp
integer
账号警告事件的登录时间(以微秒为单位)。
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=suspicious_programmatic_login&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
Google has detected a suspicious programmatic login for {affected_email_address}
用户因可疑的会话 Cookie 而退出账号
用户因可疑的会话 Cookie 而退出账号(Cookie Cutter 恶意软件事件)。
活动详情
事件名称
user_signed_out_due_to_suspicious_session_cookie
参数
affected_email_address
string
受事件影响的用户的电子邮件 ID。
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=user_signed_out_due_to_suspicious_session_cookie&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
Suspicious session cookie detected for user {affected_email_address}
用户被暂停
账号警告事件“账号已停用”的通用说明。
活动详情
事件名称
account_disabled_generic
参数
affected_email_address
string
受事件影响的用户的电子邮件 ID。
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=account_disabled_generic&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
Account {affected_email_address} disabled
已暂停用户(通过中继服务发送垃圾内容)
账号警告事件“账号因通过中继服务发送垃圾内容而被停用”说明。
活动详情
事件名称
account_disabled_spamming_through_relay
参数
affected_email_address
string
受事件影响的用户的电子邮件 ID。
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=account_disabled_spamming_through_relay&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
Account {affected_email_address} disabled because Google has become aware that it was used to engage in spamming through SMTP relay service
已暂停用户(垃圾内容)
账号警告事件账号已因垃圾内容而被停用说明。
活动详情
事件名称
account_disabled_spamming
参数
affected_email_address
string
受事件影响的用户的电子邮件 ID。
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=account_disabled_spamming&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
Account {affected_email_address} disabled because Google has become aware that it was used to engage in spamming
已暂停用户(可疑活动)
账号警告事件账号已停用被盗用说明。
活动详情
事件名称
account_disabled_hijacked
参数
affected_email_address
string
受事件影响的用户的电子邮件 ID。
login_timestamp
integer
账号警告事件的登录时间(以微秒为单位)。
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=account_disabled_hijacked&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
Account {affected_email_address} disabled because Google has detected a suspicious activity indicating it might have been compromised
已更改高级保护计划注册状态
系统会使用 type=titanium_change 返回此类事件。
注册高级保护计划
活动详情
事件名称
titanium_enroll
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=titanium_enroll&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} has enrolled for Advanced Protection
取消注册高级保护计划
活动详情
事件名称
titanium_unenroll
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=titanium_unenroll&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} has disabled Advanced Protection
攻击警告
攻击警告事件类型。
系统会使用 type=attack_warning 返回此类事件。
政府支持的攻击
政府支持的攻击警告事件名称。
活动详情
事件名称
gov_attack_warning
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=gov_attack_warning&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} might have been targeted by government-backed attack
“已屏蔽的发件人”设置已更改
系统会使用 type=blocked_sender_change 返回此类事件。
已阻止此发件人日后发送的所有电子邮件。
屏蔽的电子邮件地址。
活动详情
事件名称
blocked_sender
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=blocked_sender&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} has blocked all future messages from {affected_email_address}.
电子邮件转发设置已更改
系统会使用 type=email_forwarding_change 返回此类事件。
网域外电子邮件转发功能已启用
活动详情
事件名称
email_forwarding_out_of_domain
示例请求
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=email_forwarding_out_of_domain&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} has enabled out of domain email forwarding to {email_forwarding_destination_address}.
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=login_failure&maxResults=10&access_token=YOUR_ACCESS_TOKEN
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=login_challenge&maxResults=10&access_token=YOUR_ACCESS_TOKEN
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=login_verification&maxResults=10&access_token=YOUR_ACCESS_TOKEN
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=risky_sensitive_action_allowed&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} was allowed to attempt sensitive action: {sensitive_action_name}. This action might be restricted based on privileges or other limitations.
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=risky_sensitive_action_blocked&maxResults=10&access_token=YOUR_ACCESS_TOKEN
管理控制台消息格式
{actor} wasn't allowed to attempt sensitive action: {sensitive_action_name}.
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?eventName=login_success&maxResults=10&access_token=YOUR_ACCESS_TOKEN
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["没有我需要的信息","missingTheInformationINeed","thumb-down"],["太复杂/步骤太多","tooComplicatedTooManySteps","thumb-down"],["内容需要更新","outOfDate","thumb-down"],["翻译问题","translationIssue","thumb-down"],["示例/代码问题","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-03-13。"],[[["This document outlines Google Workspace login audit activity events and their parameters, accessible via the Activities.list() API."],["These events provide insights into user login activities like challenges, verifications, logouts, and risky actions."],["Events include details like login methods, challenge outcomes, credential types, and suspicious activity flags."],["Login Audit Activity events can be forwarded to Google Cloud Audit Logs for further analysis and monitoring."],["You can retrieve specific login event data by specifying event names and parameters in API requests."]]],["This document outlines login audit events retrievable via the `Activities.list()` method. Key actions include enabling/disabling 2-step and advanced protection, and changing passwords or recovery information. It details account warnings such as leaked passwords, suspicious logins, and account suspensions. Additionally, it covers actions related to blocked senders, email forwarding settings and login events. It also includes failed login, login challenges, logouts, risky actions, and successful logins. Each event provides specific request parameters and associated messages.\n"]]