Skip to main content
All CollectionsTemplatesBasic
Alert on Google Login Activity Outside of Allowed Regions - Workflow Template
Alert on Google Login Activity Outside of Allowed Regions - Workflow Template

Retrieve Google Login Activity for logins and compare against specific allowed regions. If a violation occurs notify a Slack channel.

Updated over 7 months ago

Ensure secure Google Workspace access with this workflow template that monitors login activity using Reports API and assesses it against predefined allowed regions. It leverages VirusTotal for additional IP address analysis, and in case of regional violations, it automates Slack notifications providing detailed login and verdict information. Ideal for strengthening Identity and Access Management and spotting Suspicious User Activity.

Use Cases

Identity and Access Management , Suspicious User Activity

Workflow Breakdown

  1. Retrieve the Google Login Activity from the Reports API

  2. Loop over each login and compare against the specific allowed regions

  3. Lookup region in VirusTotal and save the result for comparison

  4. If a violation is found, notify the Slack channel and provide the login details and verdict from VirusTotal

Vendors

Slack, Utils, VirusTotal, HTTP, Google Workspace

Workflow Output

On violation, update the Slack Channel

Did this answer your question?