Launch Investigation Tool from the Security Dashboard and Alerts

Caution: The Investigation Tool returns 30 days of data from Gmail logs and 180 days of data from all other logs. You can export Google Workspace logs and usage reports to Big Query. Over time, this gives you access to data past the 6 month window. See Export your Google Logs to BigQuery for a Big Win.

From Alerts to investigations

You can launch into the investigation tool from the alert center by simply clicking the Investigate Alert magnifying glass from the Alert details. The investigation pre-populates and opens in a new tab automatically. 

  • From the Admin Console: From any page, click the alert icon at the top right of the page. Select an alert in the list of alerts or click View all and then filter and select an alert to open its detail view. 
    AlertsIcon.png
    Then click Investigate Alert
    InvestigateAlert.png

From Security Dashboard to investigations

The Security Dashboard may surface trends or issues you want to investigate further. You can pivot to the Investigation Tool directly from the dashboard.

  • From the Admin Console: Navigate to Security > Security center > Dashboard. You will see either Investigate or View Report in the bottom right of each chart. Choose Investigate and a search will be automatically built for you in the investigation tool. If you see View Report, the chart allows you to export data to Sheets instead of launching an investigation. 
dahsboardimageArrow.png

 

Document Version Date Description of Change
1.0 9/6/2024 reworked text, updated image, reverify

 

Articles in this section