A Brief Overview of GAT+

GAT+ is a powerful audit and security tool for your G suite domain. This post will take you through a visual overview of some of GAT’s features within the Drive Audit.

See the video walkthrough:

In the GAT+ dashboard, where you can audit all areas of your domain. We’ll be starting off a GAT+ Drive audit.

Drive Audit

GAT+ dashboard

 

In this audit area, you can search your entire domain for documents for any user. You can easily identify documents using the apply filters button. For example, if we look at files which are being shared outside of our domain, the exposure summary will help you identify documents shared publicly to other domains as well as documents shared inside your domain and also private and orphaned documents. You can also identify documents by file type.

 

GAT's Drive audit area

To take actions on a document you can select the files you wish to take actions on and select file management. Then you can change ownerships editors or viewers by adding or removing them. You can also view contents of documents silently using view file contents.

Select file management in the Drive Audit

You can check your exposure to other domains using the domain connection graph.

domain connection graph

Clicking on a particular domain will show you the documents shared to them for further analysis. You can also search through users drives or team drives using the folders tree. This can help you identify all the folders in your domain and the permissions set for those folders.

Folder trea in GAT+

Users Audit

The Users audit allows you to get an overview of all the users across your domain. You can use a custom filter to look for an individual, Groups or OU’s.

You can use a custom filter in the Users audit to look for an individual, Groups or OU's

Once you have applied a filter to find a set of users, you can then export those users to a Google spreadsheet. You can edit the information on this spreadsheet which can then be imported back in and the changes will be reflected on your admin console. This is helpful for removing or adding users or changing their emails or order details all at the same time. Email info will allow you to see the emails they’re receiving or sending. File count lets you see all the files they have access to or have created. Quota shows you two quotes they are using for their drive in Gmail you can also go through these subsequent sections to modify the users information that way. In the course audit area you can see all the Google Classrooms across your entire domain. You can see which teachers created those Google Classrooms, the name of the class, and details about said class.

Courses audit

You can also check the work being assigned to students from the teachers you can then see the submissions from students here you could filter a particular course to further analyze. You can also get more information about teachers and students using Google Classroom.

Applications Audit

Application audit allows you to identify threats from third-party applications. GAT+ will automatically rank these applications based off the permissions third-party application has access to your G Suite API as a super admin you would want to examine if this application is malicious.

Applications Audit

In the case of a malicious application being found, you can easily create a policy to ban the application for a user group or the entire domain you can also view other policies made by other administrators.

Printer Audit

The printer section within the GAT+ tool allows you to view all of the Google printers which are connected to your domain, you can also find print jobs that your users have carried out here you can apply filters for a particular user to see what they have printed. This can show you the title of what they have printed and when they printed it.

Chrome OS Devices

In Chrome OS devices, you can see all of the Chromebooks which are enrolled in your domain. You can also modify their details and see who was the last user to login to those devices in mobile devices. You can see who has signed into the domain with their mobile device in case of a security breach, you can block the device, remote wipe the device, or wipe the account and also delete the device from your domain.

Chrome OS Devices

User Logins

For added security and protection for your G Suite domain, you can use a user login section of the GAT+ tool here you can see all of the logins occurring across your domain by your users.

User Login

You can also see suspicious activity by users such as invalid passwords being entered. You can filter events which are suspicious to find such activity. You can also get information such as what IP address is being used to log into your domain.

This concludes our brief overview of GAT+. Feel free to install the tool from the G Suite Marketplace.

Comments

comments