Start an investigation based on a dashboard chart

Security dashboard & security investigation tool
You can start an investigation by clicking a link in some security dashboard reports. The search results are then pre-populated in the investigation tool. 

This feature is available from the following charts on the dashboard:

  • File exposure—What does external file sharing look like for the domain?
  • Compromised device events—What compromised device events have been detected?
  • Suspicious device activities—What suspicious device activities have been detected?
  • Failed device password attempts—How many times were there failed password attempts on devices?

Note: The charts available on the security dashboard will vary depending on your Google Workspace edition.

Your access to the security investigation tool

  • Supported editions for the security investigation tool include Enterprise Plus, Education Standard, Education Plus, and Enterprise Essentials Plus.
  • Admins with Cloud Identity Premium, Frontline Standard, Enterprise Standard, and Education Standard can also use the investigation tool for a subset of data sources.
  • Your ability to run a search in the investigation tool depends on your Google edition, your administrative privileges, and the data source. If you're unable to run a search in the investigation tool for a specific data source, you can use the audit and investigation page instead. For more information, go to Improved audit and investigation experience.
  • You can run a search in the investigation tool on all users, regardless of the Google edition they have.

Start an investigation from the security dashboard

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu ""and then"" Securityand thenSecurity centerand thenDashboard.
  3. From one of the above charts, click VIEW REPORT.
  4. Apply filters to the report, such as the date range or domain.
  5. Start an investigation by hovering on the investigation icon "" in the report, and then clicking New Investigation. You can start an investigation based on the entire table in the report, or based on a single row in the table.
  6. Click SEARCH.
Was this helpful?
How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Google apps
Main menu
2794058063540281170
true
Search Help Center
true
true
true
true
true
73010