Make investigations work for you

Caution: The Investigation Tool returns 30 days of data from Gmail logs and 180 days of data from all other logs. You can export Google Workspace logs and usage reports to BigQuery. Over time, this gives you access to data past the 6-month window. See Export your Google Logs to BigQuery for a Big Win.

Custom dashboard charts from investigations

Creating custom charts for the dashboard is a great way to focus on known issues or common search queries. If you find yourself conducting the same search time and time again within the investigation tool, you should create a custom chart to add to your dashboard.

When users create a custom chart, it will only be available from their own login. Once you are finished with a custom chart you can easily delete it without affecting other security center admins.

To create a custom chart:

  1. Start in the investigation tool.
  2. Click the ellipsis on the right-hand side.
  3. Choose Create Custom Chart.

Activity rules from investigations

Activity rules are automated rules based on log events within the Investigation Tool. Through activity rules, you can create alerts and enable remedial actions. They are useful for automating some activities based on a data source and a trigger.

You can monitor activity and change the threshold of alerts before making a specific rule active.

Currently, you can only set activity rules for the entire domain. There is no granularity by OU or group, so every rule is either ON or OFF for the whole domain.

Follow these instructions to create an activity rule.
