Security dashboard & security investigation tool
Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Standard and Education Plus; Enterprise Essentials Plus; Cloud Identity Premium. Compare your edition
You can start an investigation by clicking a link in some security dashboard reports. The search results are then pre-populated in the security investigation tool.
This feature is available from the following charts on the dashboard:
- File exposure—What does external file sharing look like for the domain?
- Compromised device events—What compromised device events have been detected?
- Suspicious device activities—What suspicious device activities have been detected?
- Failed device password attempts—How many times were there failed password attempts on devices?
Start an investigation from the security dashboard
-
Sign in with an administrator account to the Google Admin console.
If you aren’t using an administrator account, you can’t access the Admin console.
-
Go to Menu
Security > Security center > Dashboard.
Requires having the Security center administrator privilege.
- From one of the above charts, click VIEW REPORT.
- Apply filters to the report, such as the date range or domain.
- Start an investigation by hovering on the investigation icon
in the report, and then clicking New Investigation. You can start an investigation based on the entire table in the report, or based on a single row in the table.
- Click SEARCH.
