As an administrator, use the alert center to view notifications about potential issues within your domain, and take action (like end-user education or updates to existing policies or settings) to resolve the issues and protect your organization from security threats.
How to use the alert center
From the alert center, you can view a list of alerts, and then click any item in the list to view details about those alerts. If your organization uses an Enterprise edition, you can also start an investigation from the alert center by linking directly to the security investigation tool. Using the investigation tool, you can then make adjustments to your Google Admin console security settings if needed, or take other actions in response to the alert.
Get started with the alert center:
- For instructions on how to access the alert center, see Use the alert center.
- For descriptions of the different alert types that are available in the alert center, see View alert details.
Alert center API
You can also use the alert center API to manage alerts on issues affecting your domain.
While domain administrators can see and manage alerts manually from the Google Admin console, the Alert Center API lets apps that you build retrieve alert data and alert feedback. The API can also create new alert feedback for existing alerts.
For example, a monitoring app could use the Alert Center API to retrieve the most recent alerts for a domain, prioritize them, and then notify members of your organization. After your team responds to the alert, the app could then attach feedback to the alert based on their findings.
For details about the Alert center API, see Google Workspace alert center API and Alert center API.
Take action on alerts
If you're an Enterprise administrator, you can start an investigation based on an alert and take action. Click one of the magnifying glass icons on the far-right side of the Alert center page. Or, from the details page, click Investigate ALERT. You can then use the investigation tool to take action—for example, to wipe a device or suspend a user. For instructions, see Start an investigation.
Alerts are retained in the alert center for approximately 10 years.
How the alert center differs from admin email alerts
The alert center is a different feature than the administrator email alerts described in About reports and alerts:
- The alert center enables you to view alerts and alert details directly in the Google Admin console. The alert center includes additional in-depth details that enable you to take action to resolve numerous issues that might affect your domain, and it provides critical alerts that are based on advanced technologies such as machine learning.
- Administrators can use administrator email alerts to set up email notifications—for example, to notify admins of suspicious login attempts, or to notify them of service-setting changes by other administrators. You can customize these alerts in the Reports section of the Google Admin console.
- Administrators can set up email notifications for alert center alerts by configuring a rule in the Google Admin console.
- Some alerts in the alert center are similar to the admin email alerts, but the alert center does not include a comprehensive set of alerts that match each of the admin alerts.