Skip to main content
All CollectionsTemplatesBasic
Alert on Google Login Activity Outside of Allowed Regions - Workflow Template
Alert on Google Login Activity Outside of Allowed Regions - Workflow Template

Retrieve Google Login Activity for logins and compare against specific allowed regions. If a violation occurs notify a Slack channel.

Updated over 6 months ago

Ensure secure Google Workspace access with this workflow template that monitors login activity using Reports API and assesses it against predefined allowed regions. It leverages VirusTotal for additional IP address analysis, and in case of regional violations, it automates Slack notifications providing detailed login and verdict information. Ideal for strengthening Identity and Access Management and spotting Suspicious User Activity.

Take Me to the Template

Use Cases

Identity and Access Management , Suspicious User Activity

Workflow Breakdown

  1. Retrieve the Google Login Activity from the Reports API

  2. Loop over each login and compare against the specific allowed regions

  3. Lookup region in VirusTotal and save the result for comparison

  4. If a violation is found, notify the Slack channel and provide the login details and verdict from VirusTotal

Vendors

Slack, Utils, VirusTotal, HTTP, Google Workspace

Workflow Output

On violation, update the Slack Channel

Related Articles
Handle Suspicious AWS Console Logins (AWS SNS) - Workflow Template
Disable a Specific User in Google Cloud Identity - Workflow Template
Disable and Contain a Specific Compromised User in Okta - Workflow Template
Detect impossible travels in Okta logins. - Workflow Template
Verify Entra ID (ex-Azure AD) Audit Sign-Ins from Allowed Regions - Workflow Template
Did this answer your question?