View and change alert severity

In the alert center in the Google Admin console, you can view details about alerts and their severity to get information about potential issues and security threats to your domain. You can filter alerts by severity, view details, or change the alert severity. 

You can then take action on alerts and change their status, assign them to a user in your domain to research, or if you’re a G Suite Enterprise administrator, start an investigation. 

By default, some alerts have pre-defined severity values of High, Medium, or Low. If an alert has no default severity or you want to change the severity for a certain type of alert, you can do this manually. 

View alerts according to severity

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. At the top, click Menu Menu and select Security and then Alert center. You’ll see any alerts for your domain. In the Severity column, you’ll see the assigned severity of each alert.
  3. At the top, click Add a filter and select Severity to filter alerts by their severity.
  4. Check the High, Medium, or Low box then click Apply. The severity you choose appears at the top.
  5. Click an alert to see details about it. 
  6. (Optional) To see alerts with a different severity, at the top, click Severity and select High, Medium, or Low.
  7. (Optional) To see all alerts, at the top, click Alert Center

Understand the Alert details page

After you click an alert, you can see details about it, assign it to a user in your domain, change the status, and more. G Suite Enterprise administrators can click New Investigation to start an investigation.

Under Key Details, depending on the alert, you can review the alert history, including a summary, the date it occurred, the user (Actor) who triggered the alert, and who the alert affected. 

Scroll down to see more details such as the messages, dates, and recipients of an email alert, as well as related alerts. 

Modify the severity of an alert

Sign in to your Google Admin console.

Sign in using your administrator account (does not end in @gmail.com).

  1. At the top, click Menu Menu and select Security and then Alert Center. You see a dashboard with a list of alerts.
  2. Click an alert to modify the severity. 
  3. On the left, under Severity, select High, Medium, or Low.
  4. (Optional) To adjust the rule that assigns the default severity to an alert type, under Severity, click Rules and then the rule that generated the alert.
Was this helpful?
How can we improve it?