Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.levelblue.com/llms.txt

Use this file to discover all available pages before exploring further.

With the BlueApp for G Suite, you can monitor your Google G Suite (formerly known as Google Apps) activity and detect threats directly from USM Anywhere, providing a single pane of glass for all your security monitoring and compliance needs. This integration gives you the ability to collect this information, extending USM Anywhere threat detection capabilities to Google Gmail, Google Calendar, and Google Drive (Google Docs, Google Sheets, Google Slides, and Google Forms).
  • Predefined log collection jobs perform scheduled API queries for G Suite logs and USM Anywhere produces events from this data.
  • The out-of-the-box correlation rules for G Suite events enable USM Anywhere to automatically create alarms, notifying you about suspicious activity in your environment.
  • The BlueApp for G Suite includes predefined dashboards that give an overview of G Suite Audit and G Suite Drive to streamline your investigation and incident response processes.
Important: All G Suite environments include access to the Google Drive Activity API, which provides the basic G Suite audit log data. However, only G Suite Enterprise or G Suite Business include access to the Reports API, which provides to the advanced G Suite log data. If you are a G Suite Basic customer, you cannot collect log data for Google Drive.See their Google Support site for more information about the differences between the G Suite editions.
Warning: If the BlueApp fails and you receive a message informing you that it has not been loaded, please contact LevelBlue Technical Support to solve the problem.
This topic discusses these subtopics: Configuring the BlueApp for G Suite
To view other related training videos, click here.