惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Latest
Security Latest
D
DataBreaches.Net
The Register - Security
The Register - Security
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
F
Full Disclosure
Engineering at Meta
Engineering at Meta
The GitHub Blog
The GitHub Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
P
Proofpoint News Feed
D
Docker
Y
Y Combinator Blog
T
The Blog of Author Tim Ferriss
云风的 BLOG
云风的 BLOG
G
Google Developers Blog
I
InfoQ
H
Help Net Security
MongoDB | Blog
MongoDB | Blog
Recent Announcements
Recent Announcements
L
Lohrmann on Cybersecurity
T
The Exploit Database - CXSecurity.com
Recorded Future
Recorded Future
G
GRAHAM CLULEY
Microsoft Security Blog
Microsoft Security Blog
WordPress大学
WordPress大学
L
LINUX DO - 热门话题
阮一峰的网络日志
阮一峰的网络日志
The Cloudflare Blog
Help Net Security
Help Net Security
雷峰网
雷峰网
W
WeLiveSecurity
GbyAI
GbyAI
N
News and Events Feed by Topic
L
LINUX DO - 最新话题
T
Tailwind CSS Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
V
Vulnerabilities – Threatpost
V
V2EX
Application and Cybersecurity Blog
Application and Cybersecurity Blog
M
MIT News - Artificial intelligence
J
Java Code Geeks
Microsoft Azure Blog
Microsoft Azure Blog
Last Week in AI
Last Week in AI
Hugging Face - Blog
Hugging Face - Blog
Cisco Talos Blog
Cisco Talos Blog
Webroot Blog
Webroot Blog
AI
AI
S
Security @ Cisco Blogs
Jina AI
Jina AI
The Last Watchdog
The Last Watchdog
Google DeepMind News
Google DeepMind News

Datadog | The Monitor blog

Introducing our open source AI-native SAST Instrument and monitor Boomi integration flows with OpenTelemetry and Datadog Not all index scans are equal: How we cut query latency by over 99% Platform engineering metrics: What to measure and what to ignore Integrate Recorded Future threat intelligence with Datadog Cloud SIEM CI/CD security: threat modeling using a MITRE-style threat matrix CI/CD security: How to secure your GitHub ecosystem Ingress NGINX is EOL: A practical guide for migrating to Kubernetes Gateway API Operating agentic AI with Amazon Bedrock AgentCore and Datadog LLM Observability: Lessons from NTT DATA Introducing the Datadog Code Security MCP Capture and analyze custom heatmaps in Session Replay Understand session replays faster with AI summaries and smart chapters Monitor ClickHouse query performance with Datadog Database Monitoring How we designed empathetic alert sounds for on-call engineers Search and act across Datadog to resolve issues faster with Bits Assistant Measure the business impact of every product change with Datadog Experiments Analyzing round trip query latency Configuring JavaScript caches for better performance Introducing Bits AI Dev Agent for Code Security Datadog achieves ISO 42001 certification for responsible AI Monitor Nutanix clusters, hosts, and VMs with Datadog Monitor Juniper Mist in Datadog A new Host Map for modern infrastructure Annotate traces to improve LLM quality with Datadog LLM Observability What’s new in Cloud SIEM: AI-powered investigations, enhanced threat intelligence, and scalable security operations Explore Kubernetes with native OpenTelemetry data Monitor Oracle Fusion Cloud Applications with Datadog Announcing the Datadog Terraform provider v4.0.0 Scaling Kubernetes workloads on custom metrics How to design cloud environments for AI-powered threat analysis Monitor Aruba Central in Datadog How we centralize and remediate risks with Datadog Case Management Accelerate incident response with Datadog and ServiceNow Monitor your application and network load balancer logs Understanding Karpenter architecture for Kubernetes autoscaling Tools for collecting metrics and logs from Karpenter Monitor Karpenter with Datadog What your product data is actually saying Key metrics for monitoring Karpenter Securing Datadog’s platform in the AI age: The role of observability data Four ways engineering teams use the Datadog MCP Server to power AI agents Approaching your observability migration with the right mindset Meet the new Bits AI SRE: Deeper reasoning, twice as fast Key learnings from the 2026 State of DevSecOps study Use plain English to query your multi-cloud infrastructure in Resource Catalog Simplifying troubleshooting across the user journey with Datadog Synthetic Monitoring Protect your OCI resources with Datadog Cloud Security This Month in Datadog - February 2026 Amazon EC2 security: How misconfigured and public AMIs expand your cloud attack surface Enable end-to-end visibility into your Java apps with a single command Measure and improve mobile app startup performance with Datadog RUM Evaluating our AI Guard application to improve quality and control cost Identify untested code across every level of your codebase Make use of guardrail metrics and stop babysitting your releases Monitor Versa Networks SD-WAN performance in Datadog Improve performance and reliability with APM Recommendations Remediate transitive vulnerabilities faster with Datadog Software Composition Analysis Generate audit-ready vulnerability and compliance reports with Datadog Sheets Monitor Fortinet FortiManager performance in Datadog Improve test coverage across codebases with Datadog Code Coverage Move fast, don’t break things: Consistent testing standards at scale Enrich logs with ServiceNow CMDB context before routing to any SIEM or logging tool Monitor Lustre with Datadog Make faster, better product decisions with Datadog Product Analytics Surface and remediate runtime posture issues with Workload Protection Findings Protect agentic AI applications with Datadog AI Guard How to optimize JavaScript code with CSS Trace Google Pub/Sub workloads in Cloud Run with Datadog Detect human names in logs with ML in Sensitive Data Scanner How we cut our NLQ agent debugging time from hours to minutes with LLM Observability Debug PostgreSQL query latency faster with EXPLAIN ANALYZE in Datadog Database Monitoring Datadog acquires Propolis Unify and correlate frontend and backend data with retention filters Scale compliance across global frameworks with Datadog Cloud Security Monitor Arista VeloCloud SD-WAN performance with Datadog Building reliable dashboard agents with Datadog LLM Observability Simplify log collection and aggregation for MSSPs with Datadog Observability Pipelines Mitigation for Node.js denial-of-service vulnerability affecting Datadog APM Automate flaky test fixes with the Bits AI Dev Agent and Test Optimization How we built an AI SRE agent that investigates like a team of engineers Datadog integrations 2025 recap: Observability for AI, security, and hybrid cloud Design effective executive dashboards with Datadog Implement dbt data quality checks with dbt-expectations Bring faster visibility into AWS Lambda functions with remote instrumentation Troubleshoot faster with the GitLab Source Code integration in Datadog How Cambia Health Solutions saved $30,000 monthly with Cloud Cost Management and the Datadog Resource Catalog Normalize any logs for Cloud SIEM with Datadog's OCSF processor Optimizing Datadog at scale: Cost-efficient observability at Zendesk Detect, diagnose, and resolve network issues easily with CNM Network Health Connect engineering errors to user impact in early-stage products Cilium configuration for Kubernetes operations at scale Designing feedback loops for progressive delivery Ship features faster and safer with Datadog Feature Flags Choosing the right OpenTelemetry Collector distribution Route your monitor alerts with Datadog monitor notification rules Automate Cloud SIEM investigations with Bits AI Security Analyst Cloud threat detection: How to identify risky activity across control and data planes Collecting Kafka performance metrics Monitoring Kafka with Datadog Monitoring Kafka performance metrics
Monitor Google Workspace with Datadog
Mallory Mooney, Anshum Garg · 2019-12-02 · via Datadog | The Monitor blog

Google Workspace (formerly G Suite) is a collection of cloud-based productivity and collaboration tools developed by Google. Today, millions of teams use Google Workspace (e.g., Gmail, Drive, Hangouts) to streamline their workflows. Monitoring Google Workspace activity is an essential part of security monitoring and audits, especially if these applications have become tightly integrated with your organization’s data. To help administrators monitor activity across their organizations, Google Workspace provides audit logs that you can now search, analyze, and alert on with Datadog, just like your other system and application logs.

Monitor activity across all of your Google Workspace applications

Once you enable Datadog’s integration, you can monitor key events from Google Workspace’s audit logs, including:

  • Administrative access to Google Workspace (i.e., who is accessing the Admin console, creating new users, and suspending accounts)

  • Activity in Google Drive (e.g., file changes, shared files)

  • User login activity (e.g., successful and failed login attempts, suspicious logins)

  • Changes to a user’s account (e.g., password changes, account recovery changes)

You can search your Google Workspace audit logs for specific events like successful logins and correlate that activity with other key attributes like a user’s IP address or email address. Datadog lets you create facets on log attributes, so you can immediately begin analyzing trends in Google Workspace activity and create targeted alerts that automatically notify you of potential problems. And with Datadog’s Alert Center integration, you can automatically capture real-time security events generated by Google and monitor them alongside Workspace audit logs in Datadog’s Security Platform.

Monitor access to Google Workspace’s Admin console

The Admin console gives administrators the ability to manage settings for all of your organization’s Google Workspace applications and user accounts. You can use Datadog to monitor key administrative activity, such as creating new user accounts or deleting users from your organization. For example, you can view all created users with the following search in the Log Explorer:

source:gsuite service:admin @evt.name:CREATE_USER

Audit logs provide details about the user as well as the administrator who created (or deleted) the user. This enables you to track critical processes like onboarding (or offboarding) a user. Having the right policies in place for offboarding a user, for example, can protect your data once someone leaves your organization.

You can also analyze your Admin audit logs to track key trends. For example, you can track the most common types of Admin console activity in a toplist, then drill down to view individual logs for more details about a specific activity.

Create a toplist of top Admin activities

Track changes to files in Google Drive

If your organization uses Google Drive, Datadog can help you track events such as when users create new files or share them with others. For example, you can see a Live Tail of all newly created files with this search:

source:gsuite service:drive @evt.name:create

When you select an individual log, you can quickly see more information about the associated file, including its title, type (e.g., document, drawing, spreadsheet), visibility (e.g., public, shared via link), and owner. You can use this information to analyze Drive activity for all of your users. For example, you can monitor sharing activity by creating an alert for all files that are shared outside your domain, or you can create a toplist in Log Analytics to view the top downloaded documents.

Create a toplist of top downloaded docs

Monitor Google Workspace login activity

In addition to capturing administrative and Drive activity, Google Workspace audit logs track login activity across your organization, such as successful (and failed) login attempts. For any login event, you can view information about how the user attempted to log in, the type of failure, and the email address used to log in.

This type of information is useful for troubleshooting login-related issues. For example, you can search for all successful login attempts:

source:gsuite service:login @evt.name:login_success

And, with Log Analytics, you can easily compare all successful logins (shown in blue) and failed attempts (shown in red), as seen in the example timeseries below.

Track all Google Workspace login attempts

Google Workspace marks a successful login attempt as suspicious if it detects that a user logged in from an unfamiliar IP address, and will include an attribute for it in its audit logs. You can create a facet on this attribute and easily search for all login attempts that are marked as suspicious.

Create a facet from Google Workspace attributes

Or you can use this facet to create an alert that will automatically notify you if a suspicious login occurs, so you can follow up with the user to ensure that their account hasn’t been compromised.

Datadog also enables you to generate metrics from any log attribute. This means that you can create a metric for failed login attempts, and use anomaly detection to detect any unusual trends, as shown below.

Track Google Workspace login anomalies

If you notice an abnormal spike in failed login attempts, you can click the graph to inspect the logs. Since each log contains key attributes such as a user’s email address, you can easily search on an attribute and correlate failed login attempts with other Google Workspace activity (e.g., changes to a user’s account).

View changes to a user’s account

Google Workspace audit logs can also help you track account activity, including when a user changes a password or updates their account recovery information (i.e., an email address, a phone number, and a secret question). As with any Google Workspace audit log, you can search for a subset of logs based on the type of user activity you’re interested in monitoring. For example, the following search helps you quickly find all logs related to changing an account password:

source:gsuite service:user_accounts @evt.name:password_edit

If you notice this activity in your logs for a specific user, you can follow up and take the appropriate action. Additionally, you can track if users have disabled 2-Step Verification (2SV) for their accounts by using the query below to create an alert:

source:gsuite service:user_accounts @evt.name:2sv_disable

If you get notified, you can quickly start troubleshooting and investigate if the change was unintentional or due to incorrect permissions.

Get security visibility into your Google Workspace logs

For even greater visibility into Google Workspace activity, you can create Detection Rules on your audit logs and use them to quickly triage possible attacks or issues with a user’s account. For example, you can create a rule to detect when a user tries to log into their account with a leaked password and automatically notify your team with Slack, PagerDuty, or one of Datadog’s other collaboration integrations.

Create a detection rule with Google Workspace audit logs

If this rule triggers, Datadog will create a security signal that you can search and filter on, so you can immediately begin investigating. All of your signals are aggregated in the Security Signals explorer, and each signal provides more context around the incident such as a timeline of events and information about the users who attempted to log in. This enables you to easily follow up with users and ensure they update their passwords for each affected account. You can read more about creating Detection Rules in our documentation.

Capture real-time security events from Google Alert Center

Google Workspace also generates actionable security alerts with the Alert Center, notifying you of any threats to your workspace as soon as they happen. You can export alerts as logs to Datadog and automatically generate relevant security signals in the Security Platform, giving you instant visibility into any activity that Google has flagged as suspicious. This includes phishing and spoofing attacks, upticks in user-reported spam, account changes, and more.

Datadog’s Google Workspace and Alert Center integrations enable you to centralize audit logs and security events, so you can view activity across your entire workspace, be alerted to threats, and customize rules to match security policies in one place.

Monitor, audit, and archive your Google Workspace logs

Google Workspace audit logs provide extensive information about administrative- and user-related activity across your organization, so you can gather all the context you need to troubleshoot issues, conduct audits, and detect suspicious activity. With Datadog, you can easily analyze and alert on these logs alongside your other infrastructure, security, and application logs—and archive them in cloud storage for security, technical, or business audits. And, if you need to access archived Google Workspace logs for any reason, you can retrieve them on demand.

Check out our documentation to learn more about collecting Google Workspace audit logs. Or, if you don’t already have a Datadog account, get started with a free 14-day trial.