File exposure report

This feature is available with G Suite Enterprise, G Suite Enterprise for Education, and Drive Enterprise editions. Compare editions

The file exposure report provides insights into how file sharing exposes your domain's data. The file exposure report displays the following details:

  • The different types of file sharing methods over time (including internal shares)
  • Which shared files have been viewed frequently
  • Which outside domains have been shared to frequently
  • Which DLP rules have been triggered frequently

Note: The security dashboard also includes a summary of file exposure data. For details, see Security dashboard

View the file exposure report

  1. Sign in to your Google Admin console at admin.google.com.
    Be sure to sign in using your administrator account, and not your personal Gmail account.
  2. Click Security.
  3. Click Dashboard.
  4. Go the panel titled What does external file sharing look like for the domain? In the bottom-right corner of the panel, click View report.

​Sharing events graph

At the top of the File exposure report, the Sharing events graph displays the number of sharing events for a specific time period. You can customize the report to view data from Today, Yesterday, This week, Last week, This month, Last month, or Days ago (up to 180 days).

The lines in this graph display statistics for 5 types of sharing methods:

Anyone in domain The file is accessible to anyone in your domain.
Internal The user shared the file only with specific people in your domain. 
Private The file is private (not shared with anyone). At one time, the user shared the file and then later un-shared it.
Anyone with link Anyone inside or outside of your domain who has access to the link can access the file.
External

The file is shared with at least one user outside of your domain.

Note:

  • With Google Groups, a file is marked as an External share if a user shares that file to a group that allows external members, even if there are no external members in the group.
  • Sharing a file with a group that allows external sharing counts as 1 external share.
  • If a user on a secondary domain creates a file and that file is only shared with themselves, it counts as an external share.
  • If a user on a secondary domain shares a file with another user from the secondary domain, it counts as an external share.

 

Note: 

  • There may be a delay of up to 80 minutes for Drive data to be displayed for some domains.
  • You can hide lines in the graph by clicking on the legend. For example, click Private to hide data related to private file sharing. This is especially useful if one line overlaps another.
  • Deleted files may be represented in the Drive File exposure report.
     

Click any data point in the graph to view more details about each sharing method on specific dates. You can also use the Domain drop-down list to view data for All domains or for specific domains. Note that shared drive events are only included in the report when viewing data for All domains, since shared drive events do not belong to any specific domain.

Compare current and historical data

To compare the current data to historical data, in the top right, from the Statistical analysis menu, select Percentile. You’ll see an overlay on the chart to show the 10th, 50th, and 90th percentile of historical data (180 days for most data and 30 days for Gmail data). Then, to change the analysis, at the top right of the chart, use the menu to change the overlay line.

Top viewed files

At the bottom half of the File exposure report page, view a table that lists the top viewed files that were shared from your domain (this table is displayed by default when you open the File exposure report).

The table lists the file names, the top viewed files, the sharing method, and the owners of the files. Click EXPORT to export all information in the table. 

By default, the table displays data for the time range specified at the top of the page. You can also display the top viewed files for just one date by clicking that date in the line graph.

Top domains files are shared with

At the bottom half of the File exposure report page, you can view a chart that lists the top domains that files are shared with. To view this chart, click DOMAINS.

The chart lists the domain names and the number of files that were shared to that domain. You can also gather more details for each domain by exporting a spreadsheet that specifies which files were shared with that domain.

To export a spreadsheet:

  1. Click Spreadsheet  for the relevant domain.
  2. In the Export file list to Drive window, click EXPORT.

    A spreadsheet of the files that were shared with this domain is generated and saved to your My Drive folder.

Top data loss prevention (DLP) rules

At the bottom half of the File exposure report page, you can view a chart that lists the top data loss prevention (DLP) rules that were triggered in your domain, and the number of times these rules were triggered. To view this chart, click DLP RULES.

About DLP
Administrators can use DLP rules to help prevent users from sharing sensitive content within Google Drive files outside the company domain. DLP scans Drive files for sensitive content, and policy-based actions can be triggered when any sensitive content is detected. Available actions include sending an email to super administrators, sending an email to the user who created, edited, or uploaded a file with sensitive content, or blocking sharing of any file with sensitive content.

About Google Sites files

  • A Google Sites file has two states: a draft version and a published version. The File exposure report captures views of the draft version, but not the published version.
  • If you share a Google Sites file with a user outside of your domain using the Can view published setting, the file visibility is recorded as external in the File exposure report—even if that file is not yet published and the user has nothing to read yet.
Was this helpful?
How can we improve it?