We’re updating the user interface for audit logs in the Admin console to allow for richer insights and query based reporting capabilities. This will bring the experience inline with the security investigation tool and create a more unified reporting experience across the Admin console.
Some improvements you’ll notice are:
- Enhanced search attribute options: We’ve introduced a new search field that will help admins quickly find and apply search attributes. For larger lists (more than 15 items), admins will be able to pin commonly used attributes.
- The ability to perform searches in “filter” or “condition builder” mode:
- In filter mode, admins can add simple parameter and value pairs, such as viewing externally shared files with sensitive data or external emails with attachments, to filter for search results.
- In condition builder mode, admins can view previously applied filters as conditions with AND/OR operators to further refine search results.
- New data sources for the investigation tool: We’re expanding our list of data sources to 31 sources — see here for a complete list of data sources.
Why it’s important
We hope this updated and streamlined experience makes it easier for admins to identify, triage, and act on security issues within their organization without having to switch between multiple tools. Additionally, by providing admins with new ways to set and filter for specific search attributes and establish reporting and activity rules, this will make it easier to stay apprised of what’s happening in their organization.
Admins will no longer be able to export audit log data to CSV files, they can only be exported to Google Sheets going forward. Additionally, you may notice the renaming and merging of previously existing data sources and other minor UI changes. For a complete list of what’s changing, see this article in our Help Center.
- Admins: The new audit and investigation page can be accessed in the Admin console by going to Reporting > Audit and investigation. Visit the Help Center to learn more about the improved audit and investigation experience, creating reporting rules and activity rules, and admin access to reporting rules & activity rules.
- End users: There is no end user impact.
- Rapid Release and Scheduled Release domains: Extended rollout (potentially longer than 15 days for feature visibility) starting on March 22, 2022
- Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers