📖 3 mins read
Google is adding new alerts to the alert center. Specifically, you can now see alerts for:
- Reporting rules (formerly known as custom audit log alerts)
- Eleven other new alerts related to changes to app settings and user accounts (formerly known as predefined admin alerts, see more details below)
Within the alert center, you can view important details about specific alerts, including a summary of the alert, date and time of the event, event description, and name of the related audit log. You can also click to search in audit logs to view more details about the event that triggered the alert.
Why it’s important
You can use the alert center to view notifications about potential issues within your domain and take action (like end-user education or updates to existing policies or settings) to resolve the issues and protect your organization from security threats. You can also use the alert center API to export alerts into existing systems, such as a Security Information and Event Management system (SIEM) or ticketing platform.
Google previously moved management of both the reporting rules (formerly known as custom alerts) and other alerts (formerly known as predefined admin alerts) to the security rules section of the Admin console. This provided a more consolidated view of rules and alerts and made it easier to manage alerts from a single location. By bringing notifications from those alerts to the alert center, Google is creating a more complete and centralized location to view important notifications and potential security threats to your organization. This provides a more comprehensive view of relevant alerts and helps you better understand and manage your organization.
Reporting rules now in the alert center
Reporting rules are custom rules that allow you to create custom alerts based on your organization’s audit logs. Previously, you could only get email notifications when these rules were triggered. With this launch, you can see these events in the alert center.
For reporting rules that are already set up, admins will need to opt in manually to turn on alert center notifications for each rule. For newly set up reporting rules, the alert center notifications will be on by default, but admins can turn this off during or after rule setup.
New ‘Send to alert center’ option when creating or editing a reporting rule
Eleven alerts for user and app setting changes now in the alert center
You can now choose to see notifications for the 11 alerts listed below. The alert center notifications for these will be off by default, and admins can choose to turn them on.
- Calendar settings changed
- Drive settings changed
- Email settings changed
- Mobile settings changed
- New user added
- Suspended user made active
- User deleted
- User granted Admin privilege
- User suspended (Administrator email alert)
- User’s Admin privilege revoked
- User’s password changed
- Reporting rules: For alerts that are already set up, alerts will be off by default. For alerts that are newly set up, alerts will be on by default. Admins can turn alert center notifications on or off while creating or editing a rule. Visit the Help Center to learn how to create and view reporting rules and set up alerts.
- User and app settings changes: Alerts are off by default, but can be turned on for each alert individually. Visit the Help Center to learn or view and manage alerts in the alert center.
- End users: No end user impact
- Rapid Release and Scheduled Release domains: Full rollout (1–3 days for feature visibility) starting on February 18, 2021.
- Available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, and Education Plus, as well as Google Workspace Basic, Business, and Nonprofits customers
Thanks for sharing and spreading the word!