Google Workspace

Overview

Import your Google Workspace security logs in Datadog. Upon enabling this integration, Datadog automatically starts pulling in logs for the following Google Workspace services:

ServiceDescription
Access TransparencyThe Google Workspace Access Transparency activity reports return information about different types of Access Transparency activity events.
AdminThe Admin console application’s activity reports return account information about different types of administrator activity events.
CalendarThe Google Calendar application’s activity reports return information about various Calendar activity events.
ChromeThe Chrome activity report returns information about the ChromeOS activity of all of your account’s users. Each report uses the basic endpoint request and provides report-specific parameters such as logins, adding or removing users, or unsafe browsing events.
Context-Aware AccessThe context-aware access activity report returns information about denials of application access to your account’s users. It uses the basic report endpoint request and provides specific parameters such as device ID and the application to which access was denied.
DriveThe Google Drive application’s activity reports return information about various Google Drive activity events. The Drive activity report is only available for Google Workspace Business customers.
Google ChatThe Chat activity report returns information about how your account’s users use and manage Spaces. Each report uses the basic endpoint request with report-specific parameters such as uploads or message operations.
Google CloudThe Google Cloud activity report returns information about various activity events related to the Cloud OS Login API.
Google KeepThe Keep activity report returns information about how your account’s users manage and modify their notes. Each report uses the basic endpoint request with report-specific parameters such as attachment upload information or note operations.
Google MeetThe Meet activity report returns information about various aspects of call events. Each report uses the basic endpoint request with report-specific parameters such as abuse report data or livestream watch data.
GplusThe Google+ application’s activity reports return information about various Google+ activity events.
GroupsThe Google Groups application’s activity reports return information about various Groups activity events.
Enterprise GroupsThe Enterprise Groups activity reports return information about various Enterprise group activity events.
JamboardThe Jamboard activity report returns information about changes to Jamboard device settings. Each report uses the basic endpoint request with report-specific parameters such as licensing or device pairing settings.
LoginThe Login application’s activity reports return account information about different types of Login activity events.
MobileThe Mobile Audit activity reports return information about different types of Mobile Audit activity events.
RulesThe Rules activity reports return information about different types of Rules activity events.
TokenThe Token application’s activity reports return account information about different types of Token activity events.
SAMLThe SAML activity report returns information about the results of SAML login attempted. Each report uses the basic endpoint request with report-specific parameters such as the failure type and SAML application name.
User AccountsThe User Accounts application’s activity reports return account information about different types of User Accounts activity events

Setup

Installation

Follow the Google Workspace Admin SDK Reports API: Prerequisites documentation before configuring the Datadog-Google Workspace integration.

Note: Certain OAuth scopes may be required for setup. See the Google Workspace Admin SDK Authorize Requests documentation.

To configure the Datadog Google Workspace integration, click on the Connect a new Google Workspace domain button in your Datadog-Google Workspace integration tile and authorize Datadog to access the Google Workspace Admin API.

Data Collected

Logs

See the Google Workspace Admin SDK documentation for the full list of collected logs and their content.

Note: The Groups, Enterprise Groups, Login, Token, and Calendar logs are on a 90 minute crawler because of a limitation in how often Google polls these logs on their side. Logs from this integration are only forwarded every 1.5-2 hours.

Metrics

The Google Workspace integration does not include any metrics.

Events

The Google Workspace integration does not include any events.

Service Checks

The Google Workspace integration does not include any Service Checks.

Troubleshooting

Need help? Contact Datadog support.