View and change alert severity
In the alert center in the Google Admin console, you can view details about alerts and their severity to get information about potential issues and security threats to your domain. You can filter alerts by severity, view details, or change the alert severity.
You can then take action on alerts and change their status, assign them to a user in your domain to research, or if you’re a G Suite Enterprise administrator, start an investigation.
By default, some alerts have pre-defined severity values of High, Medium, or Low. If an alert has no default severity or you want to change the severity for a certain type of alert, you can do this manually. The system learns from your actions and attempts to adjust severity values to meet your organization’s needs.
View alerts according to severity
- At the top, click Menu and select Security Alert center. You’ll see any alerts for your domain. In the Severity column, you’ll see the assigned severity of each alert.
- At the top, click Add a filter and select Severity to filter alerts by their severity.
- Check the High, Medium, or Low box then click Apply. The severity you choose appears at the top.
- Click an alert to see details about it.
- (Optional) To see alerts with a different severity, at the top, click Severity and select High, Medium, or Low.
- (Optional) To see all alerts, at the top, click Alert Center.
Understand the Alert details page
After you click an alert, you can see details about it, assign it to a user in your domain, change the status, and more. G Suite Enterprise administrators can click New Investigation to start an investigation.
Under Key Details, depending on the alert, you can review the alert history, including a summary, the date it occurred, the user (Actor) who triggered the alert, and who the alert affected.
Scroll down to see more details such as the messages, dates, and recipients of an email alert, as well as related alerts.
Modify the severity of an alert
Sign in using your administrator account (does not end in @gmail.com).
- At the top, click Menu and select Security Alert Center. You see a dashboard with a list of alerts.
- Click an alert to modify the severity.
- On the left, under Severity, select High, Medium, or Low.
- (Optional) To adjust the rule that assigns the default severity to an alert type, under Severity, click Rules and then the rule that generated the alert.
Note: You can assign a user Full (can see and make changes) or View (see only) privileges. For details, click Go to roles.