Data Source: G Suite Drive

Description

Data source object for G Suite Drive

Details

| Property | Value |
|---|---|
| Source | http:gsuite |
| Sourcetype | gsuite:drive:json |

Supported Apps

Event Fields

- _time
- email
- host
- index
- ip_address
- linecount
- name
- parameters.actor_is_collaborator_account
- parameters.billable
- parameters.doc_id
- parameters.doc_title
- parameters.doc_type
- parameters.is_encrypted
- parameters.new_value{}
- parameters.old_value{}
- parameters.old_visibility
- parameters.originating_app_id
- parameters.owner
- parameters.owner_is_shared_drive
- parameters.owner_is_team_drive
- parameters.primary_event
- parameters.target_user
- parameters.visibility
- parameters.visibility_change
- punct
- source
- sourcetype
- splunk_server
- timestamp
- type
- unique_id

Example Log

{"type": "acl_change", "name": "change_user_access", "parameters": {"primary_event": true, "billable": true, "visibility_change": "none", "target_user": "alberto@internal_test_email.com", "old_value": ["none"], "new_value": ["can_edit"], "old_visibility": "private", "doc_id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "doc_type": "spreadsheet", "is_encrypted": false, "doc_title": "Invoice-11111 FedEx - Delivery - Dummy Detection POC", "visibility": "shared_internally", "originating_app_id": "000000000001", "actor_is_collaborator_account": false, "owner": "peter@external_test_email.com", "owner_is_shared_drive": false, "owner_is_team_drive": false}, "email": "peter@external_test_email.com", "unique_id": "123456789", "ip_address": "null", "timestamp": "2021-08-23T09:19:08.200Z"}

Source: GitHub | Version: 1