EDU in 90: Investigation Tool

[, Music, ], hey everyone tim here and welcome back to edu in 90.. This is our second episode in a two-part series on cyber security last episode, we shared an overview of the security center that's, part of g suite enterprise for education, and today we'll, take a deeper dive into the security center's, investigation tool which gives admins the power to identify triage and take action on security and privacy issues.

Let's get started. You can use the investigation tool in a number of ways. For example, you can identify, who created and shared a file with inappropriate material, take action to block spammers, understand what types of two-factor authentication your domain's.

Users are using, and in the case of last week's episode. You can investigate a phishing attack, so looking back at last week's example, we'd, found a phishing email on our domain and we used the security center & # 39.

S report feature to see who received it, who sent it and more now we'll, use the investigation tool to get more information and take action. We can launch the tool from the security center report generated in the last episode and shown here.

Just click the magnifying glass to launch the tool. The search will already be pre-populated with information from the report. Another way to launch the tool is from the admin console, just click on security and then investigation tool.

So, starting from here, we'll, run a new search. We'll, look for gmail log events and under condition we'll, choose emails that were classified as spam due to phishing. We can also add an event to see if people opened an email moved it to the trash clicked on a link downloaded an attachment and more in this case, we'll choose receive to see if any phishing emails landed in users and boxes.

We'll, run our search and see the same result we found before. In this example. There's just one recipient, but there could be hundreds. I can scroll across and see all kinds of information and i can click to safely view.

The message i can also use the tool to take action to do this. I go to actions. I can mark the email as phishing, send it to quarantine or simply delete the email from the user's inbox. If we wanted to dig further, we could use the tool to see if any files on our google drive have been shared externally.

We could see who has access to those files and we could remove permissions from any suspicious users once you find some searches. You like running future searches is easy. You can save or duplicate investigations and can create activity rules to automate the same steps.

It could run the same investigation and take the same actions say every 24 hours and have the tool report. The results to me in the log so that's, how the investigation tool gives admins more visibility and control over the security of their organization.

You can visit the help center to explore it more and learn about all of its capabilities. We'd love to hear how you use the investigation tool so tell us in the comments below and stay tuned for our next episode, as always check out other edu 90 episodes to learn more about google for education and subscribe to our channel.

To get alerts about new episodes, we'll, see you next time. Cyber security is top of mind for many school leaders check out our last episode to learn about g suite enterprise for education's; security center, [, MUSIC PLAYING ] TIM ANDERSON, Hey everyone.

Tim here, and welcome back to & quot EDU in 90. & Quot, This is the second episode in a two-part series on cybersecurity. Last episode. We shared an overview of the Security Center that's, part of G Suite Enterprise for Education.

, And today we'll, take a deeper dive into the Security Center's; Investigation tool, which gives admins the power to identify triage And take action on security and privacy issues. Let's, get started.

. You can use the investigation tool in a number of ways., For example, you can identify who created and shared a file with inappropriate material. Take action to block spammers understand what types of two-factor authentication your domain's.

Users are using, and in the case of last week's episode. You can investigate a phishing attack.. So, looking back at last week's example, we've found a phishing email on our domain and we used the Security Center & # 39.

S Report feature to see who received it, who sent it and more.. Now we'll, use the Investigation tool to get more information and take action.. We can launch the tool from the Security Center report generated in the last episode and shown here.

Just click the magnifying glass to launch the tool.. The search will already be prepopulated, with information from the report. Another way to launch the tool is from the Admin Console., Just click on Security and then Investigation tool.

. So, starting from here, we'll run a new search.. We'll. Look for Gmail log events and under Condition we'll, choose emails that were classified as spam due to phishing.. We can also add an event to see if people opened to email moved it to the trash clicked on a link downloaded an attachment and more.

. In this case, we'll choose Receive to see if any phishing emails landed in users & # 39. Inboxes. We'll, run our search and see the same result. We found before. In this example. There's, just one recipient, but there could be hundreds.

. I can scroll across and see all kinds of information and I can click to safely view the message.. I can also use the tool to take action. To do this. I go to ACTIONS.. I can Mark the email as phishing, Send it to quarantine or simply Delete the email from the user's inbox.

. If we wanted to dig further, we could use the tool to see if any files on our Google Drive have been shared externally. We could see who has access to those files and we could remove permissions from any suspicious users.

. Once you find some searches you like running. Future searches is easy.. You can save or duplicate investigations and can create activity rules to automate the same steps.. It could run the same investigation and take the same actions say every 24 hours and have the tool report the results to me in the log.

, So that's. How the Investigation tool gives admins more visibility and control over the security of their organization.. You can visit the Help Center to explore it more and learn about all of its capabilities.

. We'd love to hear how you use the Investigation tool so tell us in the comments below. And stay tuned for our next episode., As always check out other & quot EDU in 90 & quot episodes to learn more about Google for Education and Subscribe to our channel to get alerts about new episodes.

, We'll, see you next time. Cybersecurity is top-of-mind for many school leaders. Check out our last episode to learn about the G Suite Enterprise for Education's; Security Center


Be Smart

The Latest Education News and Reviews!.