The file exposure report in the security dashboard provides insights into how file sharing exposes your domain's data. The file exposure report displays the following details:
- The different types of file sharing methods over time (including internal shares)
- Which shared files have been viewed frequently
- Which outside domains have been shared to frequently
- Which DLP rules have been triggered frequently
Note: The security dashboard also includes a summary of file exposure data. For details, see Security dashboard.
View the file exposure report
In the Admin console, go to Menu SecuritySecurity centerDashboard.
- Go the panel titled What does external file sharing look like for the domain? In the bottom-right corner of the panel, click View report.
Sharing events graph
At the top of the File exposure report, the Sharing events graph displays the number of sharing events for a specific time period. You can customize the report to view data from Today, Yesterday, This week, Last week, This month, Last month, or Days ago (up to 180 days).
The lines in this graph display statistics for 5 types of sharing methods:
|Anyone in domain||The file is accessible to anyone in your domain.|
|Internal||The user shared the file only with specific people in your domain.
Note: Secondary domain users are treated as internal users.
|Private||The file is private (not shared with anyone). At one time, the user shared the file and then later un-shared it.|
|Anyone with link||Anyone inside or outside of your domain who has access to the link can access the file.|
The file is shared with at least one user outside of your domain.
- There may be a delay of up to 80 minutes for Drive data to be displayed for some domains.
- You can hide lines in the graph by clicking on the legend. For example, click Private to hide data related to private file sharing. This is especially useful if one line overlaps another.
Deleted files may be represented in the Drive File exposure report.
Click any data point in the graph to view more details about each sharing method on specific dates. You can also use the Domain drop-down list to view data for All domains or for specific domains. The list of domains only includes primary and secondary domains. Alias domains and external domains are not included.
Note that shared drive events are only included in the report when viewing data for All domains, since shared drive events do not belong to any specific domain.
Compare current and historical data
To compare the current data to historical data, in the top right, from the Statistical analysis menu, select Percentile (not available for all Security dashboard charts). You’ll see an overlay on the chart to show the 10th, 50th, and 90th percentile of historical data (180 days for most data and 30 days for Gmail data). Then, to change the analysis, at the top right of the chart, use the menu to change the overlay line.
Top viewed files
At the bottom half of the File exposure report page, view a table that lists the top viewed files that were shared from your domain (this table is displayed by default when you open the File exposure report).
The table lists the file names, the top viewed files, the sharing method, and the owners of the files. Click EXPORT to export all information in the table.
By default, the table displays data for the time range specified at the top of the page. You can also display the top viewed files for just one date by clicking that date in the line graph.
Top domains files are shared with
At the bottom half of the File exposure report page, you can view a chart that lists the top domains that files are shared with. To view this chart, click DOMAINS.
The chart lists the domain names and the number of files that were shared to that domain. You can also gather more details for each domain by exporting a spreadsheet that specifies which files were shared with that domain.
To export a spreadsheet:
- Click Spreadsheet for the relevant domain.
- In the Export file list to Drive window, click EXPORT.
A spreadsheet of the files that were shared with this domain is generated and saved to your My Drive folder.
Top data loss prevention (DLP) rules
At the bottom half of the File exposure report page, you can view a chart that lists the top data loss prevention (DLP) rules that were triggered in your domain, and the number of times these rules were triggered. To view this chart, click DLP RULES.
Administrators can use DLP rules to help prevent users from sharing sensitive content within Google Drive files outside the company domain. DLP scans Drive files for sensitive content, and policy-based actions can be triggered when any sensitive content is detected. Available actions include sending an email to super administrators, sending an email to the user who created, edited, or uploaded a file with sensitive content, or blocking sharing of any file with sensitive content.
About Google Sites files
- A Google Sites file has two states: a draft version and a published version. The File exposure report captures views of the draft version, but not the published version.
- If you share a Google Sites file with a user outside of your domain using the Can view published setting, the file visibility is recorded as external in the File exposure report—even if that file is not yet published and the user has nothing to read yet.