Save and share investigations
This feature is available for Beta customers.
As an administrator, you can create, save, and share investigations. This enables you to collaborate with others in your organization—both administrators and users—and to retain search criteria so that you can manage investigations for ongoing use.
Note: You also have the option to build a search for an investigation without saving it.
Create and save investigations
To create, save, and share an investigation:
- Sign in to the Google Admin console at admin.google.com.
Be sure to sign in using your administrator account, and not your personal Gmail account.
- At the top, click Menu and select Security Investigation tool.
- Choose a data source for your search; for example, Device log events, Devices, or Gmail log events.
- Click ADD CONDITION.
You can include one or more conditions in your search. For details about conditions that are available for each data source, see Customize searches within the investigation tool.
- Click SEARCH.
- Click Save .
- Type a Title and Description for the investigation.
- Decide how your investigation will be shared.
For example, you can set up the sharing so that anyone with the link to the investigation can access it as long as they are signed in to the investigation tool.
- Click SAVE.
After you create an investigation, you can share it with other users.
- In the investigation tool, click an investigation to open it.
- Click Share.
- Enter the usernames of people you want to share the investigation with.
- Click DONE.