Use the alert center

The alert center includes two types of pages:

  • A list of alerts affecting your domain—This page is displayed after you sign in to the Google Admin console and navigate to the alert center. This list can span several pages, depending on the number of alerts that are active.
  • A details page that provides more information about each alert—You can access the details by clicking any item on the list of alerts. 

To get started with the alert center:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Menu > Security > Alert center.

 

View your list of alerts

After you open the alert center, a list shows the alerts that are affecting your domain. Using this list, you can quickly determine how many alerts are currently active. Each item in the list includes a short description of the alert, the alert type, and the date of the alert.

See the sections below for more information.

Use filters to narrow your list of alerts

The alert center provides an overview of the different types of alerts that are affecting your domain. You can narrow the list that's displayed in the alert center by filtering for certain alert types, for a range of dates, or for both.

Display specific alert types:

  1. From the list view in the alert center, click Add a filter.
  2. Click Alert type.
  3. From the Alert types window, check the boxes for the relevant alert types.
  4. Click APPLY.

    After you apply your filter, the list shows only alerts of the selected alert types. You can then click any item in the list to view details about an alert.

Display alerts in specific date ranges: 

  1. From the list view in the alert center, click Add a filter.
  2. Click Date range.
  3. From the Date range window, select a date range for the alert.
  4. Click APPLY.

    After you apply your filter, the list shows only the alerts in the date range that you specified. You can then click any item in the list to view details about an alert.

Start an investigation

If you're a G Suite Enterprise administrator, you can start an investigation based on an alert. Click one of the magnifying glass icons on the far-right side of the Alert center page. Or, from the details page, click INVESTIGATE ALERT. You can then use the investigation tool to take action—for example, to wipe a device or suspend a user. For instructions, see Start an investigation.

View alert details

To view more details about any alert, click any item on the page to open the alert-details page. For more information, see View alert details.

Provide feedback on alerts

Alerts are generated by a machine-learning system so that billions of signals can be taken into consideration to discover threats. For these alerts, you can tell us whether an alert was correct or useful, which improves the accuracy of the alerts over time. This feedback is only used to improve signals for your domain, and is not shared outside of your organization.

Any administrator in your domain with full access to the alert center can provide feedback.

For more details, see Provide feedback on alerts.

View related alerts

From the alert details page, you can view a list of related alerts. This list enables you to quickly scan for alerts that have similar details, such as the same user email address.

Similar to the main alert center page, you can use the list of related alerts to give alert quality feedback or start an investigation related to that alert. You can click any alert in the list to open the details page for that alert.

View alert history

From the alert details page, you can view changes administrators make to an alert. For example, if an administrator changes the alert status from Not started to Closed, or if there's a change to the alert assignee or the alert severity, this section provides a record of that change, including the email address of the administrator, and the date and time the change was made. 
