Use the alert center

The alert center includes two types of pages:

  • A list of alerts affecting your domain—This page is displayed after you sign in to the Google Admin console and navigate to the alert center. This list can span several pages, depending on the number of alerts that are active.
  • A details page that provides more information about each alert—You can access the details by clicking any item on the list of alerts. 

To get started with the alert center:

  1. Sign in to your Google Admin console at admin.google.com with your administrator account. 
  2. From the main menu in the upper-left corner of the Admin console, click Security and then Alert center.

View your list of alerts

After opening the alert center, a list is displayed that specifies the various alerts that are affecting your domain. Using this list, you can quickly determine how many alerts are currently active. Items in this list include a short description for each alert, the alert type, and the date for the alert.

See the sections below for more information.

Use filters to narrow your list of alerts

The alert center provides an overview of the different types of alerts that are affecting your domain. You can narrow the list that's displayed in the Alert Center by filtering for certain types of alerts or by filtering for a range of dates, or both.

Display specific alert types:

  1. From the list view in the alert center, click Add a filter.
  2. Click Alert type.
  3. From the Alert types window, check the boxes for the relevant alert types.
  4. Click APPLY.

    After applying your filter, a list is displayed that corresponds to the relevant alert types. You can then click any item in the list to view details about an alert.

Display alerts in specific date ranges: 

  1. From the list view in the alert center, click Add a filter.
  2. Click Date range.
  3. From the Date range window, select a date range for the alert.
  4. Click APPLY.

    After applying your filter, a list is displayed that corresponds to the alerts in the date range that you specified. You can then click any item in the list to view details about an alert.

Start an investigation

If you're a G Suite Enterprise administrator, you can start an investigation based on an alert. Click one of the magnifying glass icons on the far-right side of the Alert center page. Or, from the details page, click INVESTIGATE ALERT. You can then use the investigation tool to take action—for example, to wipe a device or suspend a user. For instructions, see Start an investigation.

View alert details

To view more details about any alert, click any item on the page to open the alert-details page. For more information, see View alert details.

Provide feedback on alerts

For certain alert types, alerts are generated based on a machine-learning system so that billions of signals can be taken into consideration to discover threats. For these alerts, you can tell us if this alert was correct or useful—which improves the accuracy of the alerts over time. This feedback is only used to improve signals for your domain, and is not shared outside of your organization.

The feedback feature currently includes the following alert types:

  • User-reported phishing
  • Phishing compromise due to bad whitelist

Any administrator in your domain with full access to the alert center can provide feedback.

For more details, see Provide feedback on alerts.

Related articles

Was this helpful?
How can we improve it?