How to view video closed captions and transcripts

Transcript

0:08 - You can launch the Investigation Tool in a few different ways. First, from the Security Navigation menu in the admin console, or you can launch through the Alert Center. 

0:22 - For some alerts, an investigation tool icon shows up. If you launch from here, it will build out the investigation for you based on the alert. 

0:31 - So you get a lot of specifics based on what the rule was. If you open the investigation, you can investigate the alert from there too. 

0:40 - You can also get the the investigation tool from the Security Center Dashboard. Certain cards provide direct access links to investigations. 

0:49 - Each method starts your investigation in a slightly different way but the goal is the same to analyze security events and take action. 

1:01 - Looking at a real-world example, let's say you're worried about phishing emails trying to still use credentials. Here's how you can investigate Gmail messages for potential threats. 

1:12 - First, open the investigation tool and filter Gmail messages that contain the word password. You can review the results grouped by subject and then you can pivot your search which lets you track how many people received and interacted with these emails. 

1:33 - I can see who opened, clicked links, or received the message. If something looks suspicious, I can dig deeper. Now that we've identified a fishing attempt, what can we do? 

1:48 - We can view the full email if permissions allow, delete the message before users interact with it, market a spam or fishing, or send the message to quarantine and the best part you can do this individually or in bulk for multiple emails at once before we wrap up let's talk about two important settings 

2:11 - require a reviewer and view email content permissions for require reviewer before a bulk action is performed another admin must approve the action for view email content permissions you can control who can see the message details and require a reason for accessing the emails. 

2:32 - These settings help ensure security investigations follow best practices while protecting user privacy. That's it. You now know how to launch and investigate and take action with the Google Workspace Investigation Tool. 

2:49 - If you have questions, consider attending our weekly Google Workspace office hours or check out our investigation tool recipes in the Help Center for more details.