Out of Hours Email Activity Reporting with GAT+

In France, the legal length of the working week is 35 hours in all types of companies with more than 50 employees. The working day may not exceed 10 hours. Furthermore, employees may not work for more than 4.5 hours without a break. The maximum working day may be extended to 12 hours under a collective agreement.

If you wish to enforce this policy throughout your organization you can utilize GAT Shield. Let’s presume you already know about Shield and utilize it within your organization.

You have the ability as a super admin to enforce the French working hours after getting proper approval from your management team.

Navigate to the Configuration area of GAT Shield. In the Login Control section.

Now, I will create a time frame window outside of this time frame users on my domain won’t be allowed to log into their G Suite account to check emails or other cloud services.

The below example covers 9AM to 7PM.

Login time window (from): 0 0 9 1/1 * ? *

Login time window (to): 0 0 19 1/1 * ? *

This means my employees can log in and do their work from 9AM to 7PM after which they will be blocked.

If you don’t wish to block entry into the account when users are out of hour you can report on your employee’s activities using GAT Shield User Activity section. This will show you when a user was active and what sites they went to throughout a given day.

Delegate access to your Gmail account

With GAT+ Super Admins and Delegated Auditors can give a user access into another user’s Gmail account for a specified period of time after which the delegation is automatically removed. This may be for business purposes but it is also to facilitate the fast search and viewing of all the account emails via another user’s browser.

 

Note: Please ensure email delegation is allowed for users in your domain.

Go to the Google Apps Admin console and under ‘Apps’, ‘G Suite Apps’, ‘Settings for Gmail’, ‘User Settings’, check if the email delegation box is allowed for your domain.

Now launch GAT+ and enter the User Audit section.

Click on the Email Info tab. Search for the user whose Gmail account will be delegated to someone else, click on the drop-down menu and select ‘Add e-mail delegation’.

When the menu appears, enter the user who will gain access. And enter the number of hours for which this delegation and when it expires it will remove this delegation automatically.

The request will be sent to your security officer for approval, once approved the delegation will be set.

The delegated account appears in the accounts drop-down list in the user’s own Gmail account. This can take several minutes and may require a refresh. The user accessing the delegated account will have to log out and log back in again for the delegated account to appear.

Note: If during the period of the delegation, the user of the account under audit logs into their Google account and goes to their email settings, then under ‘Accounts and import’ the account owner will see that the Admin has granted delegated access to the account.

In addition, if the delegated user reads any unopened email in the audit account, this email will be marked as ‘read’.

Getting Alerted When Files are Shared to Gmail

Some of you may know that you can create G Suite accounts with usernames based on your yahoo.com and hotmail.com accounts. Therefore it is possible to share Google Docs to and from these account names. These Google accounts are typically personal accounts therefore many businesses want to track shares to and from these usernames. In this post, we show you how to monitor files that are shared out to the external domain such as Gmail.com, Hotmail.com, Yahoo.com.

Below is an example of how this can be achieved using GAT+:

set alerts in gat

In Drive audit, Click on the “Apply custom filter” button.
Then we select “Sharing Flags contains Shared Out”
Then any changes made after or equal to yesterday – this is used to display files that have been shared out since yesterday.
Then we add a group which has the option “OR” – this allows us to search, all the external domains, for example, gmail.com, hotmail.com, yahoo.com.
This will display files which have been shared out to the domains above, that have been updated in the last day.

After this, we can schedule a report to run everyday after midnight showing all files that have been shared to these personal domains in the last day. This can be scheduled with different time frame if we like. To schedule the report we can simply select “Scheduled” and an extra submenu will be displayed where we can select “Occurrence” and select the recipients.

To schedule the report we can simply select “Scheduled” and an extra submenu will be displayed where we can select “Occurrence” and select the recipients.

Then we can click “Apply & Schedule”.

This report will now run everyday after midnight producing a report of updated files that have been shared out to members of these of the selected domains.

GAT, GDPR Compliance and G Suite: How GAT+ Keeps You GDPR Complaint

GAT helps you ensure you meet your GDPR obligations

One of the most important aspects of GDPR is to be able to show that your staff and customer data is not carelessly exposed via file sharing or email attachments. In pursuit of this goal regular and scheduled testing of all content and shares should be carried out. GAT+ is designed to meet this obligation. In addition, from time to time it will be necessary for administration or security staff to inspect on-line content which may belong to other staff or customers. It is critical that this be carried out in a structured and approved workflow. GAT Unlock is currently the ONLY solution in the G Suite Marketplace that has such a structured workflow. This ensures that all access to all content is approved by properly appointed Security Officers within the company. Data leakage can occur not only via email and document sharing but also via the browser, using cut and paste, into any other web page the user is logged into on his or her browser. Detecting this dynamic flow of sensitive information is critical to ensuring proper compliance with GDPR. GAT Shield is designed to meet just such a requirement, watching and alerting in real time.

 

GDPR obligations

 

Our well thought out and sophisticated design that pre-dates the GDPR requirements means we have always coded to ensure none or minimal customer content ever has to pass through our architecture.

How GAT ensures it is GDPR compliant

Given its access to all aspects of your G Suite environment, the GAT family of products must themselves respect the GDPR environment for your data. GAT does this in several ways. The only data it collects and stores is your user metadata. This consists of username, company email address, access times, email addresses to and from the user account, email metadata, Google + postings with the domain account, files owned, calendars and appointments in the company domain and other non-specific usage data (such as membership of email groups, OUs, etc.). It does NOT collect any file or email content. It does not transfer any content to its servers for inspection. This is critical, other tools do this for content inspection, GAT+ avoids doing this and can still search content. GAT Shield, which is designed to look in real time for sensitive content, can also search and report on content without that content ever having to pass through our servers. Our well thought out and sophisticated design that pre-dates the GDPR requirements means we have always coded to ensure none or minimal customer content ever has to pass through our architecture. Finally, all idle databases are automatically deleted 30 days after last use and there is no metadata harvesting for future use.

Blanket Access for Admins to all Files and Emails for a Range of Users

In the Security Officer section on the GAT homepage, Security Officers will find a button

The Security Officer icon to select blanket access features

called ‘Configure Admins’

configurue admins in GAT

This area allows Security Officers to give blanket access to files or emails to a range of Admins for certain OU’s.

drive admins - granted permission to view and download al files in the specified organisations

This is ideal for situations where Admins do not need to get constant approval. An example would be in an education environment where the Admin would have open access to the Student OU’s but would still have to get selective approval from the security officer to access a file in the Staff or HR OU.

For a single OU level add a value like /Staff (Note, this will not grant access to the OU /Staff/IT).

For a full OU tree add a value like /Students/*

The Admin should now see something like this

Refresh list

After the Security Officer sets up access for the Admins to see all content, the GAT Admin should return to ‘View File Contents’ in the Drive Audit, click ‘Refresh List’, they should now see a new link for full access to the OU, click on this link to make the download and view icons appear beside all files for members of the OUs.

Be sure you also read all the steps on how GAT works before giving blanket access.

 

Delete Spam, Inappropriate or Accidental Emails

Removing an accidental email sent to the wrong group, or an email that has inappropriate content and which got past spam filtering, or removing a phishing email all are needs that occur from time to time.

GAT now allows Admins do this from all accounts at once.

Domain Gmail Search in GAT: remove accidental emails

We recommend using ‘Domain Gmail Search’ for tracking down these emails. It is a ‘real time’ search that is highly configurable (see ‘Search Tips’ link beside the search box). In the screenshot above we use the example search parameters

“SEO proposal” in:anywhere newer_than:180d

This tells GAT+ to search in all folders, for all users and look for emails that contain the words “SEO proposal” which are also newer than 180 days. When the results come back, click on ‘Explore all Emails’.

Next, select the tab ‘View Email Contents’

view email contents tab

From here the Admin forms the request that is sent to the Security Officer for approval. If you intend to delete the emails rather than just view or download them then check the ‘remove contents’ box and select your end date for this permission.

After doing that hit ‘send request’ and wait for approval to be returned from the Security Officer.

refresh the list (1) and click on the link (2)

Once you have received an approval email, remember to refresh the list (1) and click on the link (2) to display just your selected files.

You can then delete one or all of the emails using the ‘bin’ icon (3).

You can then delete one or all of the emails using the ‘bin’ icon

The emails can be removed permanently or sent to the user’s ‘trash’ folder only (tick ‘Send to Trash only’ box). Once deleted permanently they are gone forever.

The emails can be removed permanently or sent to the user’s ‘trash’ folder only (tick ‘Send to Trash only’ box). Once deleted permanently they are gone forever.

In future when you search for these emails they will still be listed in our database but they will have a strikeout line through the accounts listing.

 

Related Resources:

How to mass delete emails

How to restore deleted files

Remove deleted G Suite accounts as editors or viewers to Drive files

View Email Contents – How to silently copy or view emails

Use the ‘New Filter’, ‘Recent Filters’ or ‘Domain Gmail Search’ to select the email you require access to.

silently copy or view emails with General Audit Tool

When searching for a specific current email ‘Domain Gmail Search’ is the correct tab to use. This search tab is a live search tab and is able to look through all current emails in all folders (use the flag in:anywhere), in all accounts. It can search for email body and attachment content as well as all other metadata. The Domain Gmail Search can take many search options, to see them all, click on ‘Search Tips’.

click on explore emails in General Audit Tool (GAT)

Once the search for specific emails is completed (it may take some time if you have made it domain wide) you can load the results into the GAT+ filter tables by clicking on ‘Explore all emails’

Information found in the view email contents tab

When you have made your selection, move to the ‘View Email Contents’ tab to request permission for access to those emails up until a certain date.

You can now also request permission to delete the emails you have selected.

check ‘Request to remove contents in the users accounts’

To do this, check the box beside ‘Request to remove contents in the users’ accounts’. When finished, press ‘Send Request’  and an email will then be sent to the security officer requesting approval for the access.

Email sent to security officer

Once granted, you return to the ‘View Email Contents’ tab (1), where you need to click on the link showing the files you have been granted access to (2), this will make the selected emails available for Viewing, Downloading or Deletion. Downloaded emails are viewable in any email viewer (Outlook, Thunderbird, etc.).

you need to click on the link showing the files you have been granted access

TIP: You can return to the View Email Contents tab anytime, but remember to click on the link (in blue) in the permissions list to see each selection of emails that access permission has been granted for.

 

You might find this link useful. It “reviews the legal risks involved in the use by employees of e-mail and the internet at work, and also considers related issues such as the implementation of a company policy for e-mail and internet use by staff, the monitoring of e-mail and internet use by staff, and requirements in relation to the disclosure and retention of e-mails.”

GAT Unlock – First Steps

GAT Unlock is the most sophisticated security management mechanism for Google Apps available today. It works on the principle that access to documents, or change of ownership of documents, without the owner’s knowledge or permission can only be accomplished with the active input of at least two people in the organization. One of these will be the requestor who must be an Administrator, the other a Security Officer (or Verification Officer), who must be identified and verified through a senior executive in the organization.

This is an extra service on top of all GAT versions and for non-education domains comes with a limited cost. All license types must apply for this service if they require it. It does not automatically install nor can it be self-configured.

Policy

Because of the sensitivity of documents held in the cloud ‘Unlock’ cannot be self-enabled and is available ‘on trial’ only by special request.

From introduction, the service will be visible to domains and each domain Admin can apply to have it enabled. To avail of this service please email unlock@generalaudittool.com with your request. The requesting email must contain the following 4 items.

  • The contact details of the Google Apps Administrator applying.  
  • The name of the Security Officer(s), her/his position(s), email and phone number.
  • The contact details (email and phone number) for the person from whom the GAT team must seek confirmation before enabling this feature (See list below for minimum level of organization officer we expect to have to request approval from. Please send us their full contact details also and inform them they may receive contact from us.) This is required to verify the separate identities of both the Administrators and Security Officers.
  • The PO details for the requested service, see price list below. (Not required for education domains that have purchased GAT.)

There can be many Security Officers, and the service will be available to all Super Admins once enabled.

Administrators and Security Officers should remember the verification process is there to protect you, your domain data and your user’s privacy and rights, while also enabling you to act in the organization’s best interests.

When the ‘GAT Unlock’ service is enabled Administrators can generate access or change requests, but only Security Officers can approve them. An individual can be a member of both lists but can not approve their own requests. The Security Officer list for all domains is maintained by GeneralAuditTool.com staff. A Security Officer can not generate a change or view request and have it approved by another Security Officer.

Why all this effort? We really respect your data security. We respect your company’s right to be protected. This is the highest security model available within the Google for Work environment.

‘GAT Unlock’ pricing and approval authority needed

User Count

This the number of Active Users in your domain

Cost per year (Total)

A Purchase Order must be generated before the service is available.

Verification Requirement

Or

Equivalent executive level in Non-Business entities

1- 49 €/$300 or €/$300 Owner, CEO, CFO
50 – 499 €/$2 or €/$2 per user CEO, CFO, Head of HR, CIO
500 – 999 €/$2 or €/$2 per user CFO, Head of HR, CIO
1,000 – 4,999 €/$2 or €/$2 per user Head of HR, CIO, CSO
5,000 – 9,999 €/$2 or €/$2 per user Head of HR, CIO, CSO
10,000+ €/$20,000 or €/$20,000 Head of HR, CIO, CSO

 

NB: From September 1st, 2017, GAT Unlock will be priced at €/$2 or €/$2 per user per year. Thereafter there is no extra charge. Minimum charge is €/$300 or €/$300.

From September 1st, 2016, GAT Unlock will be bundled at no extra cost for educational domains who subscribe to GAT+Email at the educational rate of €/$0.50 per user per year.

 

How to use GAT Unlock

File Management – Changing ownership or file access rights

GAT Unlock is tightly integrated with the powerful search and filter options available in GAT+. This means you only have to do things once.

 

In this example we are going to find all the spreadsheets owned by the group ‘sales’ that are shared externally, then we will remove the external sharing and change the ownership (on all the selected files at once).

 

TIP: Always narrow the file request with a search first – saves time and makes approval simpler.

 

Step 1: Click on the ‘Apply custom filter’ button in Drive Audit.

Click on the ‘Apply custom filter’ button

Step 2: Select the following option:

  • For the filter type select User/Group/OU search, we will enter the ‘Sales’ group in this field ‘Local User/Group’, make sure to enter the full email address.
  • Click the checkbox option ‘Owned only’, this will show all the files owned by ‘Sales’ group. Otherwise, it would show all of files associated with ‘Sales’ group, were Sales shows up as Owner, Editor or Reader.
  • In the filter definition area, select the parameter Type equal to Spreadsheets and to add another search parameter click on ‘Add rule’ button and select ‘Sharing Flag’ to ‘Shared Out’. Selecting shared out will only focus on files leaving your domain.

Apply selected rule

Step 3: Next click on the ‘Toggle Selectable’ button, this will allow you to select files individually or all of them at the same time.

 

Note: You can not perform actions on a ‘Suspended’ account.

click on the ‘Toggle Selectable’ button

Step 4: Click on the button ‘File operation’ and then select the ‘File Management’ option.

Click on the button ‘File operation’

Step 5: In this example, we are removing external access to the spreadsheets and making the manager the owner of all the files.

Change selected file owner

When you click on the ‘Send request’ button, an email is going to be sent to your security officer.

When you click on the ‘Send request’ button, an email is going to be sent to your security officer.

If the security officer approves your actions, they will be executed and you will be notified.

If permission is not granted by the security officer, you will also be notified and no actions will be taken.

 

View File Contents – How to silently copy or view files

We are going to use a powerful search feature inside of GAT+ Drive audit to identify the contents of documents we’re going to investigate. This feature is called the ‘File content text search’. It allows admins/delegated auditor to use a word or sentence to search through all of the files across the domain and to return documents which contain them.

 

Step 1: Click on the ‘File content text search’.

Click on the ‘File content text search’.

Step 2: Enter the word or sentence to return files which contain them. Select the users account you want to search through or click on the option ‘Search all users’ to cover everyone.

click on the option ‘Search all users’ to cover everyone.

It will take a few minutes depending on how many files you have across your domain.

See the recent searches tab

Step 3: Now, that the search is complete, click on the ‘Recent Searches’ tab to select the search.

 

Step 4: Click on the ‘Apple custom filter’ button to build on top of the current filter.

Click on the ‘Apple custom filter’ button to build on top of the current filter.

We are going add another search parameter on top of the current filter. Select the ‘Updated’ parameter, for our example, I’m going to look back a few months. This will show us files which contain the sentence “private and confidential” and which have been updated since Feb 1st 2018.

Step 5: Select the files you are interested in, remember that these files contain the sentence “private and confidential”.

Select the files you are interested in

Step 6: Click on the ‘Files operation’ button and then select ‘Access permissions granted’.

Click on the ‘Files operation’ button and then select ‘Access permissions granted’.

Step 7: Next we will select a date in the future, we will have access to these files until this date. You have an option to write to your security officer explaining why you need access to these files.

Access permissions granted tab

Send the request to the Security Officer(s) for approval.

The following email will be sent to the Security Officer

This is the email that will be sent to the security officer

The Security Officer can click on the link in the email and will be taken to the approval area in GAT+.

The Security Officer can click on the link in the email and will be taken to the approval area in GAT+.

When the Security Officer grants access an email will be sent to the requesting Administrator/delegated auditor informing them. The Administrator from the ‘Access permission granted’ menu can see the full list of their access requests along with the time left for each request to remain valid.

The Administrator from the ‘Access permission granted’ menu can see the full list of their access requests along with the time left for each request to remain valid.

Once the request is selected, the requestor can download documents or view the contents silently without the owner’s awareness.

the requestor can download documents or view the contents silently without the owners awareness.

View Email Contents – How to silently copy or view emails

Use the ‘New Filter’, ‘Recent Filters’ or ‘Domain Gmail Search’ to select the email you require access to.

silently copy or view emails with General Audit Tool

When searching for a specific current email ‘Domain Gmail Search’ is the correct tab to use. This search tab is a live search tab and is able able to look through all current emails in all folders (use the flag in:anywhere), in all accounts. It can search for email body and attachment content as well as all other metadata. The Domain Gmail Search can take many search options, to see them all, click on ‘Search Tips’.

click on explore emails in General Audit Tool (GAT)

Once the search for specific emails is completed (it may take some time if you have made it domain wide) you can load the results into the GAT+ filter tables by clicking on ‘Explore all emails’

Information found in the view email contents tab

When you have made your selection, move to the ‘View Email Contents’ tab to request permission for access to those emails up until a certain date.

You can now also request permission to delete the emails you have selected.

check ‘Request to remove contents in the users accounts’

To do this, check the box beside ‘Request to remove contents in the users accounts’. When finished, press ‘Send Request’  and an email will then be sent to the security officer requesting approval for the access.

Email sent to security officer

Once granted, you return to the ‘View Email Contents’ tab (1), where you need to click on the link showing the files you have been granted access to (2), this will make the selected emails available for Viewing, Downloading or Deletion. Downloaded emails are viewable in any email viewer (Outlook, Thunderbird, etc.).

you need to click on the link showing the files you have been granted access

TIP: You can return to the View Email Contents tab anytime, but remember to click on the link (in blue) in the permissions list to see each selection of emails that access permission has been granted for.

 

Delegating Access for an email account.

As of v.6385 GAT allows Admins to delegate access for a User account to another User for a certain period of hours. This may be for business purposes but it is also to facilitate the fast search and viewing of all the account emails via another user’s browser.

BEFORE USING: Please ensure email delegation is allowed for users in your domain.

Go to the Google Apps Admin console and under ‘Apps’, ‘G Suite Apps’, ‘Settings for Gmail’, ‘User Settings’, check if the email delegation box is allowed for your domain.

Google Apps Admin console and under 'Apps', 'G Suite Apps', 'Settings for Gmail'

Admins should select the fifth tab, Email Delegation, in the Emails Audit area. Here the Admin can select the account they wish to gain access to, then select the account they want to give this access to and finally select the number of hours they would like delegated access to be granted for. Once the request is sent, the Security Officer will still have to approve before the delegation is created.

Sending multiple requests in 'Email Delegation'

Once granted the delegated account appears in the accounts drop down list for the Admin’s own Gmail account. This can take several minutes and may require a refresh. As of the year 2016, it seems the User accessing the delegated account will have to log out and log back in again for the delegated account to appear.

delegated account appears in the accounts drop down list

The delegation will automatically be revoked after the requested time period. This is not intended as a means of long-term delegation, which should only be done from the email account itself.

 

Note: If during the period of delegation, the account under audit, logs into their Google account and goes to their email settings, then under ‘Accounts and import’ the account owner will see that the Admin has granted delegated access to the account.

In addition, if the delegated user reads any unopened email in the audit account, this email will be marked as ‘read’.

Changing Ownership of an entire folder tree

Another feature of ‘Unlock’ is that it enables an often requested task of moving an entire folder tree, root folder and sub-folders, from one or many owners to a new owner.

Changing Ownership of an entire folder tree in GAT

This task is completed with the File Management tab. Use the +> feature to expand a folder structure from root to branch. Then using the GAT ‘Unlock’ feature set, Admins can change the owner of every folder, sub-folder and file in the directory tree in one swoop. After selecting ‘File Management’, select all the files in the expanded tree view, then proceed as normal to change ownership.

Ideal for consolidating a shared folder structure, or handling leaving staff or students.

 

Deleting Spam, Inappropriate or Accidental Emails

Removing an email that was sent by accident to the wrong group, or an email that has inappropriate content and which got past spam filtering, or removing a phishing email all are needs that occur from time to time.

GAT now allows Admins do this from all accounts at once.

Domain Gmail Search in GAT: remove accidental emails

We recommend using ‘Domain Gmail Search’ for tracking down these emails. It is a ‘real time’ search that is highly configurable (see ‘Search Tips’ link beside the search box). In the screenshot above we use the example search parameters

“SEO proposal” in:anywhere newer_than:180d

This tells GAT+ to search in all folders, for all users and look for emails that contain the words “SEO proposal” which are also newer than 180 days. When the results come back, click on ‘Explore all Emails’.

Next, select the tab ‘View Email Contents’

view email contents tab

From here the Admin forms the request that is sent to the Security Officer for approval. If you intend to delete the emails rather than just view or download them then check the ‘remove contents’ box and select your end date for this permission.

After doing that hit ‘send request’ and wait for approval to be returned from the Security Officer.

refresh the list (1) and click on the link (2)

Once you have received an approval email, remember to refresh the list (1) and click on the link (2) to display just your selected files.

You can then delete one or all of the emails using the ‘bin’ icon (3).

You can then delete one or all of the emails using the ‘bin’ icon

The emails can be removed permanently or sent to the user’s ‘trash’ folder only (tick ‘Send to Trash only’ box). Once deleted permanently they are gone forever.

The emails can be removed permanently or sent to the user’s ‘trash’ folder only (tick ‘Send to Trash only’ box). Once deleted permanently they are gone forever.

In future when you search for these emails they will still be listed in our database but they will have a strikeout line through the accounts listing.

 

Blanket Access for Admins to all Files and Emails for a range of Users

In the Security Officer section on the GAT homepage, Security Officers will find a button

The Security Officer icon in GAT

called ‘Configure Admins’

configurue admins in GAT

This area allows Security Officers to give blanket access to files or emails to a range of Admins for certain OU’s.

drive admins - granted permission to view and download al files in the specified organisations

This is ideal for situations where Admins do not need to get constant approval. An example would be in an education environment where the Admin would have open access to the Student OU’s but would still have to get selective approval from the security officer to access a file in the Staff or HR OU.

For a single OU level add a value like /Staff (Note, this will not grant access to the OU /Staff/IT).

For a full OU tree add a value like /Students/*

The Admin should now see something like this

Refresh list

After the Security Officer sets up access for the Admins to see all content, the GAT Admin should return to ‘View File Contents’ in the Drive Audit, click ‘Refresh List’, they should now see a new link for full access to the OU, click on this link to make the download and view icons appear beside all files for members of the OUs.

Be sure you also read all the steps on how GAT works before giving blanket access.

 

Non-Super Admin Auditors and Security Officers

As experienced Admins using GAT+ will know you are able to create delegated auditors. See ‘Delegated Audits – Notes to Super Admins’. A delegated auditor is the owner of a Google Group, whom a Super Admin has configured in GAT to have audit rights over all the members of that group. Delegated Auditors are not Super Admins and quite often are just ordinary G suite users like school principals or line managers. The only G Suite ‘power’ they have is that they are the owner of a Google Group.

It is now possible for these ordinary G Suite users to search for and request access to (from a Security Officer) files and emails belonging to the users in the group(s) they audit.

They may also act as Security Officers, but again they can not self-approve. Other ordinary G Suite users, like managers in a department, who are not themselves delegated auditors can be Security Officers too.

This feature set becomes enabled when the Security Officer is enabled. Again, as with elsewhere the only people who can enable a Security Officer are General Audit Tool staff. GAT staff will only enable Security Officers once the correct instructions have been given to and the correct permission received by the GAT staff.

 

 

Less is More: Email Audit

How to see the tree from the woods.

Sometimes we can be overwhelmed with search results and where we have a lot of information coming at us we sometimes want to turn down the noise a little.

In our domain, we get a lot of email from one particular source. We have a domain called go-oodles.com that we use to relay certain events.  For example, we have a series of internal cameras at sensitive doors in the building. These record to a NAS system, but to be sure we also turn some of the images into email and email them to a google account. These all come from the account camX@alerts.go-oodles.com.  As you can imagine this generates quite a bit of noise. When we’re auditing email we like to eliminate this noise.

First, we search for email from ‘alerts.go-oodles.com’

GAT 'negate filter' button

Then we hit ‘Negate Filter’ to remove these 15,000+ emails from the results.

 

This really starts to become useful when combined with another filter.

For example, if we want to see all the email with attachments, we ‘clear filter’, select the attachments box and hit ‘Search Emails’

Unfortunately, this returns all emails with attachments, including the thousands of alerts from go-oodles.com.

What we can do is go to the tab ‘Recent Filters’ and combine searches, all email ‘With Attachments’ and all email ‘not from[alerts.go-oodles.com]’

You can see we select the two filters we want, join them with ‘AND’ and hit ‘Show’.

This returns a much smaller subset of all emails with attachments, except those from ‘alerts’.

If we add dates to this search, we get an example like in line 1. (picture at top of page), which is getting all the email we want from the 30th of Jan, 2013.

We can then schedule this for 5 past midnight on the 31st of Jan.

Assuming we are on the 30th of January, this will generate a report that will run everyday showing us all the email that comes or goes the day before, with files attached, excluding all those thousands of emails from the alerting system.

How to Debug Email Routing Problems

GAT+ Lets Admins see the filters Users have in place. Useful for debugging email routing problems. Users audit, Emails, click on the filters count for the User of interest to see what the underlying filters are.

GAT Gmail filter