Start an investigation based on a dashboard chart

Supported editions for this feature: Enterprise; Education Standard and Plus.  Compare your edition

You can start an investigation by clicking a link in some security dashboard reports. The search results are then pre-populated in the investigation tool. 

This feature is available from the following charts on the dashboard:

  • File exposure—What does external file sharing look like for the domain?
  • Compromised device events—What compromised device events have been detected?
  • Suspicious device activities—What suspicious device activities have been detected?
  • Failed device password attempts—How many times were there failed password attempts on devices?

Note: The charts available on the security dashboard will vary depending on your Google Workspace edition.

To start an investigation from the security dashboard:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. From the Admin console Home page, go to Securityand thenDashboard.

    To see Security on the Home page, you might have to click More controls at the bottom.

  3. From one of the above charts, click VIEW REPORT.
  4. Apply filters to the report, such as the date range or domain.
  5. Start an investigation by hovering on the investigation icon  in the report, and then clicking New Investigation. You can start an investigation based on the entire table in the report, or based on a single row in the table.
  6. Click SEARCH.
Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Clear search
Close search
Google apps
Main menu
Search Help Center