Top policies causing the highest number of incidents

This feature is available with G Suite Enterprise, G Suite Enterprise for Education, and Drive Enterprise editions. Compare editions

Available for beta customers only

You can review the Top policy incidents report to see the top policies causing the highest number of incidents. The policies are organized by service (Google Drive and Gmail). Policies are ranked by the highest number of incidents during the specified date range. At the bottom of the chart, you see the total number of incidents for the top policies for Gmail and Drive.

View the Top policy incidents report

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Securityand thenDashboard.

    To see Security on the Home page, you might have to click More controls at the bottom.

  3. In the lower-right corner of the Top policy incidents panel, click View Report.
  4. (Optional) To generate a spreadsheet with the report’s data, click Export Sheet. The spreadsheet is saved in your My Drive folder.

Customize your report

At the top of the report, use the date range filter to customize data in the report. Customize the report to view data from Today, Yesterday, This week, Last week, This month, Last month, or Days ago (up to 180 days).  Or, you can enter a Start date and End date. Click Apply after you set the date range. 

View the top policies

Under the Top policy incidents chart, you can see a table that lists the top policies causing the highest number of incidents for the selected date range.

The table lists these details: 

  • Name of the policy that was broken
  • Number of incidents for the policy
  • Percentage change rate since the last time period
  • Resource count

Tip: To narrow down the incidents in the table, use the filters above the list.

View the top classifiers

You can see a table of the top classifiers. To see the table, under the Top policy incidents graph, click Classifier.

The table lists these details: 

  • Classifier name
  • Number of incidents for the classifier
  • Percentage change rate since the last time period
  • Resource count
  • Number of high, medium, and low-severity incidents for the classifier

Tip: To narrow down the classifiers in the table, use the filters above the list.

View the top resources

You can see a table of the top files, messages, or other resources that contributed to the top policy incidents in the chart. To see the table, under the Top policy incidents graph, click Resource.

The table lists these details: 

  • Service name (Drive or Gmail)
  • Title—Subject of the Gmail message or name of the Drive file 
  • Owner of the Gmail message or Drive file
  • Number of incidents that occurred
  • Number of policies that were triggered for a given Gmail message or Drive file
  • Number of matched classifiers

Tip: To narrow down the resources in the table, use the filters above the list.

Was this helpful?
How can we improve it?