GAT Shield Alert Rules

Introduction

GAT Shield provides an extensive way to alert admins and delegated auditors to certain behaviours and web activity in their domain.

By deploying the extension to the web browser, Shield is able to monitor the browser, report back and take action on any alerts configured by the admin/auditor.

Alert Rules

1. By navigating to the Alert Rules section in GAT Shield, you’ll be presented with the Alert Rules window.

2. To pick the type of alert you want, select the Add Rule icon. Alternatively, you can add a rule from a template.

Alert Rule Types

File download

This alert allows admins/auditors to capture any file download activity.

To set up the rule configure the options below:

  • Alert rule name – Alert rule name.
  • Active – Toggle to activate/deactivate the rule.
  • File extensions – The file extensions to monitor (DOC and DOCX, HTML and HTM, PDF, XLS and XLSX, etc.).
  • File size – Minimum file size to detect, in Bytes, Kilobytes, Megabytes or Gigabytes.
  • Cancel/delete download – Toggle to cancel/delete download.
  • Report file name – Include file name and MIME type in the alert.
  • Monitor on the following sites only – Monitor exclusive list of sites.
  • Site exclusions – Exclude certain sites from the rule.
  • Scope – User email or Org. unit to be monitored.
  • Scope exclusions – User email or Org. unit to be excluded from the rule.
  • End-user action:
  1. Display warning message.
  2. Display warning message and close the browsing tab.
  3. Display warning message and redirect.
  4. Close the browser tab without a message.
  5. Redirect without a message.
  6. None.
  • Warning message – warning message to display.
  • Alert recipients – Recipients for the alert in place.
  • Screen capture – Screenshot of the screen where alert triggered.
  • Webcam capture – the capture of webcam on the device (access must be pre-configured in the admin console).

Page Content Inspection

This alert allows admins/auditors to trigger an alert on any words specified in the rule for any webpage.

To set up the rule configure the options below:

  • Alert rule name – Alert rule name.
  • Active – Toggle to activate/deactivate the rule.
  • Page content inspection Regex – Enter words to trigger in a regex format.
  • Distinct uppercase and lowercase letters – Toggle to activate.
  • Regex word exclusions – Words to exclude in a regex format.
  • Page Keywords – Add words to trigger on any webpage.
  • Alert trigger threshold – The minimum number of words to trigger an alert.
  • Report matched text – Include the triggered text in the notification.
  • Monitor on the following sites only
  • Site exclusions – Sites to be excluded from the rule.
  • Scope – User email or Org. unit to be monitored.
  • Scope exclusions – User email or Org. unit to be excluded from the rule.
  • End-user action:
  1. Display warning message.
  2. Display warning message and close the browsing tab.
  3. Display warning message and redirect.
  4. Close the browser tab without a message.
  5. Redirect without a message.
  6. None.
  • Warning message – Warning message to display.
  • Alert recipients – Recipients for the alert in place.
  • Screen capture – Screenshot of the screen where alert triggered.
  • Webcam capture – the capture of webcam on the device (access must be pre-configured in the admin console).
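
To test a pattern before deploying it, the options above can be modelled locally. This is an added example, not GAT Shield's code: the field names, the JavaScript regex flavour, and the way exclusions and the threshold are applied are assumptions.

```javascript
// Added example: local model of a Page Content Inspection rule, for testing
// patterns before deployment. Field names and semantics are assumptions.
const ESCAPE = /[.*+?^${}()|[\]\\]/g; // characters special in a regex

function evaluateRule(rule, pageText) {
  const flags = rule.caseSensitive ? "g" : "gi";
  const hits = [];

  // 1. Collect every non-empty match of the trigger regex.
  if (rule.regex) {
    for (const m of pageText.matchAll(new RegExp(rule.regex, flags))) {
      if (m[0].length > 0) hits.push(m[0]);
    }
  }
  // 2. Keywords are literals: escape them and match whole words only.
  for (const kw of rule.keywords || []) {
    const literal = kw.replace(ESCAPE, "\\$&");
    for (const m of pageText.matchAll(new RegExp(`\\b${literal}\\b`, flags))) {
      hits.push(m[0]);
    }
  }
  // 3. Drop hits that the exclusion regex matches in full.
  const excl = rule.exclusionRegex
    ? new RegExp(`^(?:${rule.exclusionRegex})$`, rule.caseSensitive ? "" : "i")
    : null;
  const matched = excl ? hits.filter((h) => !excl.test(h)) : hits;

  // 4. Alert only when enough hits remain.
  return { triggered: matched.length >= rule.threshold, matched };
}

// Constructed rule and page text.
const rule = {
  regex: "\\b(?:confidential|restricted|internal use only)\\b",
  exclusionRegex: "restricted",
  keywords: ["payroll"],
  caseSensitive: false,
  threshold: 2,
};
const page = "CONFIDENTIAL: payroll export. Access is restricted.";

console.log(evaluateRule(rule, page));
console.log(evaluateRule({ ...rule, caseSensitive: true }, page));
```

With the case toggle on, the upper-case heading no longer matches and the same page falls below the threshold.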

Google Docs Inspection

This alert allows admins/auditors to trigger an alert on any words specified in the rule for any Google document.

To set up the rule configure the options below:

  • Alert rule name – Alert rule name.
  • Active – Toggle to activate/deactivate the rule.
  • Google docs content inspection Regex – Enter words to trigger in a regex format.
  • Distinct uppercase and lowercase letters – Toggle to activate.
  • Regex word exclusions – Words to exclude in a regex format.
  • Page Keywords – Add words to trigger on any webpage.
  • Alert trigger threshold – The minimum number of words to trigger an alert.
  • Report matched text – Include the triggered text in the notification.
  • Monitor on the following sites only
  • Site exclusions – Sites to be excluded from the rule.
  • Scope – User email or Org. unit to be monitored.
  • Scope exclusions – User email or Org. unit to be excluded from the rule.
  • End-user action:
  1. Display warning message.
  2. Display warning message and close the browsing tab.
  3. Display warning message and redirect.
  4. Close the browser tab without a message.
  5. Redirect without a message.
  6. None.
  • Warning message – Warning message to display.
  • Alert recipients – Recipients for the alert in place.
  • Screen capture – Screenshot of the screen where alert triggered.
  • Webcam capture – the capture of webcam on the device (access must be pre-configured in the admin console).

Visit

This alert allows admins/auditors to trigger an alert on any websites visited that are configured in the alert rule.

To set up the rule configure the options below:

  • Alert rule name – Alert rule name.
  • Active – Toggle to activate/deactivate the rule.
  • Check page URL proximity – Toggle to activate a trigger when any site visited is not matched with the site list (for authenticity).
  • Page URL regex – Enter page URLs to trigger in a regex format.
  • Report site name – Toggle to send site name in the trigger notification.
  • Scope – User email or Org. unit to be monitored.
  • Scope exclusions – User email or Org. unit to be excluded from the rule.
  • End-user action:
  1. Display warning message.
  2. Display warning message and close the browsing tab.
  3. Display warning message and redirect.
  4. Close the browser tab without a message.
  5. Redirect without a message.
  6. None.
  • Warning message – Warning message to display.
  • Alert recipients – Recipients for the alert in place.
  • Screen capture – Screenshot of the screen where alert triggered.
  • Webcam capture – the capture of webcam on the device (access must be pre-configured in the admin console).
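
A Page URL regex is worth checking against URLs it should and should not match before the rule goes live. The following is an added example, not GAT Shield's code: the hostnames are constructed, and it assumes the pattern is applied unanchored to the full page URL as a JavaScript regex.

```javascript
// Added example: audit a candidate "Page URL regex" against constructed URLs.
// Assumption: the pattern is applied unanchored to the full page URL.
const sampleUrls = [ // constructed; .test never resolves publicly
  { url: "https://files.example.com/upload", intended: true },
  { url: "https://files.example.com", intended: true },
  { url: "https://filesXexample.com/", intended: false },
  { url: "https://files.example.com.lookalike.test/upload", intended: false },
  { url: "https://other.test/?next=https://files.example.com/", intended: false },
];

// Returns URLs where the pattern's verdict differs from the intended one.
function auditPattern(pattern, samples) {
  const re = new RegExp(pattern, "i");
  const falseAlerts = [];
  const missed = [];
  for (const { url, intended } of samples) {
    const hit = re.test(url);
    if (hit && !intended) falseAlerts.push(url);
    if (!hit && intended) missed.push(url);
  }
  return { falseAlerts, missed };
}

// Unescaped dots match any character, and no anchors means "anywhere in the URL".
const loose = "files.example.com";
// Escaped dots, anchored at the scheme, host must end at a delimiter.
const strict = "^https://files\\.example\\.com(?:[/:?#]|$)";

console.log(auditPattern(loose, sampleUrls));
console.log(auditPattern(strict, sampleUrls));
```

The loose pattern alerts on three URLs that are not the intended host; the anchored pattern alerts on the intended host only.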

Search

This alert allows admins/auditors to trigger an alert on any search words input on any webpage.

To set up the rule configure the options below:

  • Alert rule name – Alert rule name.
  • Active – Toggle to activate/deactivate the rule.
  • Search term – Enter search words to trigger.
  • Search term regex – Enter search words to trigger in a regex format.
  • Distinct uppercase and lowercase letters – Toggle to activate.
  • Report site name – Toggle to send site name in the trigger notification.
  • Monitor on the following sites only
  • Site exclusions – Sites to be excluded from the rule.
  • Scope – User email or Org. unit to be monitored.
  • Scope exclusions – User email or Org. unit to be excluded from the rule.
  • End-user action:
  1. Display warning message.
  2. Display warning message and close the browsing tab.
  3. Display warning message and redirect.
  4. Close the browser tab without a message.
  5. Redirect without a message.
  6. None.
  • Warning message – Warning message to display.
  • Alert recipients – Recipients for the alert in place.
  • Screen capture – Screenshot of the screen where alert triggered.
  • Webcam capture – the capture of webcam on the device (access must be pre-configured in the Admin console).

Device Usage

This alert allows admins/auditors to receive an alert if a device appears to be active again, which is particularly useful for missing devices.

To set up the rule configure the options below:

  • Alert rule name – Alert rule name.
  • Active – Toggle to activate/deactivate the rule.
  • User OR device – Users or devices to cover with this rule.
  • End-user action:
  1. Display warning message.
  2. Display warning message and close the browsing tab.
  3. Display warning message and redirect.
  4. Close the browser tab without a message.
  5. Redirect without a message.
  6. None.
  • Warning message – Warning message to display.
  • Alert recipients – Recipients for the alert in place.
  • Screen capture – Screenshot of the screen where alert triggered.
  • Webcam capture – The capture of webcam on the device. (access must be preconfigured in the admin console).

Location

This alert allows admins/auditors to trigger an alert if users are outside a specified location.

To set up the rule configure the options below:

  • Alert rule name – Alert rule name.
  • Active – Toggle to activate/deactivate the rule.
  • Location Bounds – Select an area on the map that will define the non-triggerable location.
  • Scope – User email or Org. unit to be monitored.
  • Scope exclusions – User email or Org. unit to be excluded from the rule.
  • End-user action:
  1. Display warning message.
  2. Display warning message and close the browsing tab.
  3. Display warning message and redirect.
  4. Close the browser tab without a message.
  5. Redirect without a message.
  6. None.
  • Warning message – Warning message to display.
  • Alert recipients – Recipients for the alert in place.
  • Screen capture – Screenshot of the screen where alert triggered.
  • Webcam capture – the capture of webcam on the device. (access must be preconfigured in the admin console).

IP Address

This alert allows admins/auditors to trigger an alert if users either match or do not match the specified IP addresses.

To set up the rule configure the options below:

  • Alert rule name – Alert rule name.
  • Active – Toggle to activate/deactivate the rule.
  • IP Addresses – IP addresses to be considered in the rule.
  • Mode – Toggle for a match or no match mode.
  • Scope – User email or Org. unit to be monitored.
  • Scope exclusions – User email or Org. unit to be excluded from the rule.
  • End-user action:
  1. Display warning message.
  2. Display warning message and close the browsing tab.
  3. Display warning message and redirect.
  4. Close the browser tab without a message.
  5. Redirect without a message.
  6. None.
  • Warning message – Warning message to display.
  • Alert recipients – Recipients for the alert in place.
  • Screen capture – Screenshot of the screen where alert triggered.
  • Webcam capture – the capture of webcam on the device. (access must be preconfigured in the admin console).

Active ID

This alert allows admins/auditors to trigger an alert if users do not match their active ID verification. Active ID continuously checks if the designated user is using the device at hand.

To set up the rule configure the options below:

  • Alert rule name – Alert rule name.
  • Active – Toggle to activate/deactivate the rule.
  • Prediction threshold – Set threshold value for minimum breach trigger.
  • Report site name – Toggle to send site name in the trigger notification.
  • End-user logout action:
  1. None.
  2. Soft logout.
  3. Hard logout.
  • Scope – User email or Org. unit to be monitored.
  • Scope exclusions – User email or Org. unit to be excluded from the rule.
  • Warning message – Warning message to display.
  • Alert recipients – Recipients for the alert in place.
  • Screen capture – Screenshot of the screen where alert triggered.
  • Webcam capture – the capture of webcam on the device. (access must be preconfigured in the admin console).

Denoted User/Last User Mismatch

This alert allows admins/auditors to trigger an alert whenever someone who is not the denoted user of the device is using the device.

This feature uses a variety of information gathered from Shield to determine if the identity of the denoted user and the user actually using the device at hand match (particularly Chromebooks assigned to a certain user).

If you’d like to run a trial of our products please install GAT+ from the Google Workspace Marketplace and contact us at support@gatlabs.com with any questions you may have.

To request a demo, please click here and fill in the form. We’ll get back to you in less than 12 hours during weekdays.

If you trialed GAT in the past and would like to run a fresh trial again, please inquire through this form.