DLP Monitoring Capabilities
DLP Monitoring Capabilities
The GSuite DLP system monitors Google Drive activities in real-time with comprehensive metadata capture.
Event Types Tracked
File Downloads
- Tracks downloads to local devices
- Captures download method (browser, API, sync client, mobile)
- Records IP address, location, and device information
- Includes file sensitivity and user risk scores
File Shares
- Monitors internal and external sharing
- Tracks share type (direct, link, domain-wide, public)
- Records permission levels (viewer, editor, owner)
- Captures share settings and expiration dates
ACL Changes
- Tracks permission modifications
- Records before/after states
- Captures who made changes and why
- Monitors ownership transfers
File Views
- Monitors file access without download
- Tracks view duration and method
- Records access path and context
- Captures location and device information
Risk Classification
Events are automatically classified into four risk levels:
- Critical (Red): Immediate security threat requiring urgent action
- High (Orange): Significant concern needing timely review
- Medium (Yellow): Moderate concern worth monitoring
- Low (Green): Normal business activity for baseline tracking
File Type Support
Monitors all major file types including:
- Documents (PDF, Word, Google Docs)
- Spreadsheets (Excel, CSV, Google Sheets)
- Presentations (PowerPoint, Google Slides)
Metadata Captured
For each event, the system captures:
- User information (email, name, role, department)
- Network data (IP address, location, ISP)
- Device details (type, browser, OS)
- File properties (name, type, size, sensitivity)
- Access patterns and history
Monitoring Exclusions
Configurable exclusions for:
- Service accounts
- Admin accounts
- Whitelisted domains