open-menu
closeme
Application Added to Google Workspace Domain
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Configuration Audit
Tactic: Persistence
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Application Removed from Blocklist in Google Workspace
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Configuration Audit
Resources: Investigation Guide
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Domain Added to Google Workspace Trusted Domains
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Configuration Audit
Tactic: Defense Evasion
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
External User Added to Google Workspace Group
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Identity and Access Audit
Tactic: Initial Access
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
First Time Seen Google Workspace OAuth Login from Third-Party Application
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Tactic: Defense Evasion
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
Forwarded Google Workspace Security Alert
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Log Auditing
Use Case: Threat Detection
·
Share on:
twitter
facebook
linkedin
copy
Google Drive Ownership Transferred via Google Workspace
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Tactic: Collection
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace 2SV Policy Disabled
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Configuration Audit
Tactic: Persistence
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Admin Role Assigned to a User
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Identity and Access Audit
Tactic: Persistence
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Admin Role Deletion
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Identity and Access Audit
Tactic: Impact
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace API Access Granted via Domain-Wide Delegation of Authority
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Bitlocker Setting Disabled
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Configuration Audit
Tactic: Defense Evasion
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Custom Admin Role Created
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Custom Gmail Route Created or Modified
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Tactic: Collection
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Drive Encryption Key(s) Accessed from Anonymous User
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Configuration Audit
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace MFA Enforcement Disabled
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Configuration Audit
Tactic: Impact
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Object Copied from External Drive and Access Granted to Custom Application
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Tactic: Initial Access
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Password Policy Modified
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Identity and Access Audit
Tactic: Persistence
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Restrictions for Google Marketplace Modified to Allow Any App
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Configuration Audit
Tactic: Defense Evasion
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Role Modified
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Suspended User Account Renewed
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Identity and Access Audit
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace User Organizational Unit Changed
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Configuration Audit
Tactic: Persistence
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
MFA Disabled for Google Workspace Organization
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Identity and Access Audit
Tactic: Persistence
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
to-top