Gsuite Drive Share In External Email

Gsuite Drive Share In External Email

Description

This search is to detect suspicious google drive or google docs files shared outside or externally. This behavior might be a good hunting query to monitor exfitration of data made by an attacker or insider to a targetted machine.

   Help

Gsuite Drive Share In External Email Help

To successfully implement this search, you need to be ingesting logs related to gsuite having the file attachment metadata like file type, file extension, source email, destination email, num of attachment and etc.

   Search

Open in Search