About evgenymeer

evgenymeer · 02-08-2024

@chrismc could you re-check? Based on my test, the audit log record was generated the moment user attempted to share a file and got blocked by the rule. In the Audit Log row you can find a column 'Triggering User'.

evgenymeer · 02-08-2024

@chrismc I'd suggest to run a query in the Security Investigation Tool for:Source: Rules Log Events Data range if needed (maximum of 180 days back) Triggered Action = Drive Block External Sharing Rule ID if required to investigate a specific data pro...

evgenymeer · 02-07-2024

Hello @chrismc ! You should be able to do what you describe using the Beta functionality released in December 2023. https://workspaceupdates.googleblog.com/2023/12/data-loss-prevention-rule-violation-snippets.html

evgenymeer · 05-08-2023

Please see the announcement relevant to the discussion on this thread.

Looker Community

My Stats

evgenymeer's Bio

Badges evgenymeer Earned

Recent Activity

Re: Are there logs when a document cannot be shared because of a DLP rule?

Re: Are there logs when a document cannot be shared because of a DLP rule?

Re: Are there logs when a document cannot be shared because of a DLP rule?

Re: Google Chat Space without any Space Manager