You can enable the option ‘Alert on 2FA disabled’. This alarm is fired whenever a user or an Admin disables an account’s 2FA mechanism when it had been working. For organizations that depend on high levels of security, this is a vital alarm to alert Admins to dangers.
You can also get alerted when 2FA codes are used by users.
Alert of Disabled 2 Factor Authentication. Dalal Alshohaib, 2018-12-19 03:04:50, 2018-12-20 12:43:02.
Using the real-time alert rules within GAT Shield an admin can set up a rule to prevent certain file types from being downloaded to a user’s device.
To set up a download rule, go to the Configuration section of GAT Shield and enter the Alert Rules section.
Click on the Add a rule button, and select File download.
Once the menu appears, do the following:
Give the rule a meaningful name. In my case, the rule will prevent mp3 and mp4 files from being downloaded.
Make sure to enable ‘Active’ so that the rule is active once the rule setup is complete.
I entered mp3;mp4, using a semicolon to separate the two file types. A semicolon is not necessary if only one file type is being covered.
You also have the option to block files based on their file size: anything equal to or above the value you have entered. For example, I can enter 20 MB. That means any mp3 or mp4 equal to or greater than 20 MB will be blocked from being downloaded; smaller files won’t.
The Cancel/delete download option will be enabled because we want this rule to block and prevent downloads. If left unchecked, the rule would only notify you and not take any action.
Site exclusions are useful if you have some educational sites where downloading mp3 or mp4 files is allowed.
Now we need to indicate which users will be covered by this rule. I have used the OU option, selected the root user OU /, and also included sub-org units. This means my entire domain is covered by this rule (well, actually the users who have Shield deployed on their accounts). You can indicate a sub-OU like /Students and enable the option to cover its sub-OUs if you wish.
You can also take actions like shutting the webpage down or showing a custom warning message to the students.
The last 3 options allow you to report the file name, capture the screen the user was on and take a picture of the user using the webcam of the device (if Shield Companion app is deployed as well).
All alerts will be sent to you via email and you can also find them in the Shield Alerts section.
Prevent MP3 files and other file types from being downloaded. Enrique Gomez, 2018-12-03 13:39:35, 2018-12-07 14:10:07.
In the Shield Alerts section of GAT Shield, you can view all the instances where your users have violated any Alert Rules.
You can see the video instead of reading the post.
To know how to create an Alert Rule you can watch our video covering the topic.
In the Alerts Explorer, you can view a list of all the times a rule was violated.
You can see data such as the rule name, the rule type, page info if it was a URL visit, how long ago the rule was violated, the user who violated the rule, and whether the status of the alert is still open or has been acknowledged by an Admin.
Clicking the check mark will change the status indicator to a green Acknowledged status.
This is so you can let other Administrators on your domain know the alert was investigated.
By clicking the eye Icon you can get all the details of that alert, as well as the admin who acknowledged it.
Device information such as the rule violator’s Shield UUID, OS, IP details and location information is also available in this area.
See Who Violated Your Domain's Usage Rules with GAT Shield. Dalal Alshohaib, 2018-08-30 16:16:02, 2018-08-30 16:16:02.
GAT Shield’s Alert Rules allow admins to stop and report unsafe downloads by users on their domain.
Here’s the video how-to:
To do this, select the ‘Alert Rules’ section. First, we’ll add a rule for downloads. Then, we’ll name the rule EXE and PNG blocked. In the file extension box, we’ll put EXE and PNG separated with a semicolon. Checking the ‘cancel/delete download’ box will prevent a download from happening. And if it’s already downloaded, it will be deleted. We can then apply these rules to a User, Group, or OU. You can also exclude a User, Group or OU from this rule. In the end user action, you can pick what will happen if a user violates this rule. You can check report file name, screen capture and webcam capture to see who downloaded the file and what their screen and webcam were capturing at the time of the download. You can also whitelist certain web pages where the rule will not apply.
If you uncheck the ‘cancel/delete download’ box but have any reports checked, you will only receive a report and the download will not be interrupted.
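The decision a File download rule makes, as described in this how-to and in the mp3/mp4 walk-through earlier on the page, written out as an added example (a model for reasoning about rule settings, not GAT Shield's own code). The dictionary keys, the 1024-based megabyte, the case-insensitive extension match and the `music.school.example` host are assumptions.

```python
from urllib.parse import urlparse

MB = 1024 * 1024  # assumption: the page does not say how a megabyte is counted


def parse_extensions(field):
    """Split the semicolon-separated file-type field ("mp3;mp4") into a set."""
    return {p.strip().lstrip(".").lower() for p in field.split(";") if p.strip()}


def evaluate_download(rule, filename, size_bytes, page_url):
    """Return "allow", "report" or "block" for one download under one rule."""
    if not rule["active"]:
        return "allow"
    host = (urlparse(page_url).hostname or "").lower()
    if any(host == s or host.endswith("." + s) for s in rule["site_exclusions"]):
        return "allow"  # excluded site: the rule does not apply here
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in parse_extensions(rule["file_types"]):
        return "allow"
    # The size limit is optional; files equal to or above it are covered.
    if size_bytes < (rule.get("min_size_mb") or 0) * MB:
        return "allow"
    # With cancel/delete unchecked the rule only notifies the admin.
    return "block" if rule["cancel_delete"] else "report"


# Constructed rule mirroring the mp3/mp4 walk-through; key names are hypothetical.
RULE = {
    "active": True,
    "file_types": "mp3;mp4",
    "min_size_mb": 20,
    "cancel_delete": True,
    "site_exclusions": ["music.school.example"],
}

if __name__ == "__main__":
    print(evaluate_download(RULE, "song.mp3", 20 * MB, "https://files.example/a"))
    print(evaluate_download(RULE, "clip.mp4", 20 * MB - 1, "https://files.example/b"))
```

Running the same download through a copy of the rule with `cancel_delete` set to `False` returns `"report"`, which is the notify-only behaviour the post describes.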
That concludes this GAT Shield how-to. Thanks for watching.
How to Report and Remove Files Downloaded by Users Using GAT Shield. Dalal Alshohaib, 2018-06-15 11:43:35, 2018-06-15 11:53:56.
How to Refresh Alert Rules in GAT Shield. Dalal Alshohaib, 2018-06-14 12:23:15, 2018-06-14 15:17:47.
Since it’s Pride Month, we’ve decided to share with you a few ways you can protect your LGBTQ students in school. The featured video shows you how you can use GAT Shield to spot LGBTQ offensive language in schools:
The past few years have seen significant progress in the tackling of LGBTQ offensive language in schools. This is to a large degree due to the rising number of schools combating LGBTQ bullying by launching awareness campaigns. It is no secret that the use of homophobic language has a negative impact on LGBTQ students. At the very least, it can impact the affected student’s happiness at school, their grades, and their social life. At its worst, it can affect the student’s mental health and wellbeing. Continued use of homophobic language can quickly escalate into more serious homophobic bullying. That’s why school officials of all levels need to be trained on how to successfully challenge homophobic language in the classroom. Awareness campaigns on their own need to be supplemented with continued strategic action year-round in order to achieve the greatest level of success possible.
To help teachers and admins like you take continued action in protecting students from the LGBTQ community in schools, we have compiled a short list of 3 things you and your colleagues can do to raise awareness and support the LGBTQ community.
#1 Create a school policy that clearly states homophobic language is wrong and will not be tolerated and ensure it is promoted. Something as simple as a new policy implementation can set a strong authoritative tone throughout the school’s community. Guidelines should clearly lay out how any member of the school can go about reporting hateful language to the relevant bodies. Remember to regularly remind both staff and students of the policy so that it remains top of mind more often than not.
#2 Train staff how to deal with homophobic language in the school. It has been reported that many teachers fail to address homophobic bullying of students simply because they do not know how to reprimand or combat such behaviour. Training school staff of all levels will both help staff members gain the confidence needed to tackle the problem and do it more effectively and efficiently.
#3 Use explaining language. Banning certain words and phrases may seem like the simplest most straightforward solution but we need to consider the demographic we are trying to influence. Many kids will want to rebel in the face of direct prohibitions. The best way to deal with such behaviour is by explaining to these kids just why certain words and phrases are hurtful to members of the LGBTQ community and are therefore banned. You might be surprised at how many students will respond to this approach.
If you would like further in-depth reading about tackling homophobic language in schools then you should check out this pdf. Now that we’ve addressed a few simple yet powerful strategies schools can implement to raise awareness about LGBTQ offensive language, here is what you can do with GAT Shield to take this one step further.
GAT Shield is a powerful audit, reporting and security tool for the Chrome environment. It helps protect your users by monitoring all activity and providing real-time DLP on all sites, in all locations and at all times.
But in this post, we’ll be focusing on a specific GAT Shield feature called ‘Alerts’.
It is different from GAT+ in that Shield sends an alert to a designated G Suite admin the moment a blacklisted word is typed.
This is one way of catching prohibited language used in your students’ G Suite and Chrome environment. In the Configuration section of GAT Shield, we provide a multitude of real-time alerts which you can put into place.
We created a new one for this awareness month.
The rule is called the “Homophobic Language Detected” template which you can modify to add locally used homophobic words your users type.
Using these alerts, the admin will be notified immediately every time their users type homophobic words or other keywords. Keywords that may already be on the site, rather than typed, are also scanned and identified.
This powerful functionality allows you not only to report but also to take action. Some of those actions may be to show a warning message to your users or to shut down the webpage. You can also capture a screenshot of the webpage and capture the user behind the device who typed in the homophobic word.
Stopping LGBTQ Offensive Language in Schools. Dalal Alshohaib, 2018-06-14 10:36:47, 2018-07-18 10:46:52.
The score of the regular expression match (weight of ‘1’) plus the weights of any other keyword or keywords found (you assign each weight when adding the keywords) must equal or exceed the ‘Alert Threshold’ value (which you can also assign). This is how you adjust alert test sensitivity.
The rule is set with an alert threshold of 3.
For this alert rule to fire, the regular expression MUST be matched at least once. This gives a score of 1.
At that point the alert is not triggered because the threshold is 3. GAT Shield scans the rest of the text or waits until more text is typed.
If it sees Bank, another 1 is added to the score. If it sees Prize Money, another 1 is added. Now the score has reached the threshold and the alert is triggered.
It could also have been triggered by just the credit card number and the word Draw; this would have scored 4.
If the words Draw, Bank, Money, all appeared but no credit card number, then the alert would not have triggered.
Note: GAT Shield reads all text in the computer screen buffers, including text (which may contain trigger words) that does not appear visible because it may be out of scroll or the web page developer has it hidden.
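The scoring walk-through above, reproduced as an added example (not GAT Shield's own code). The card-number pattern, the keyword weights (Bank 1, Prize Money 1, Draw 3), whole-word matching and counting each keyword once are assumptions chosen to match the scores quoted in the text; the card number is a constructed test value.

```python
import re

# Constructed rule: pattern and weights are assumptions, not GAT Shield defaults.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
KEYWORDS = {"bank": 1, "prize money": 1, "draw": 3}
ALERT_THRESHOLD = 3
REGEX_WEIGHT = 1  # the regular expression always has a weight of 1


def score_text(text, pattern=CARD_RE, keywords=KEYWORDS):
    """Return (score, regex_matched) for the text seen so far."""
    regex_matched = pattern.search(text) is not None
    score = REGEX_WEIGHT if regex_matched else 0
    lowered = text.lower()
    for word, weight in keywords.items():
        # Whole-word match, each keyword counted once (assumption).
        if re.search(r"\b" + re.escape(word) + r"\b", lowered):
            score += weight
    return score, regex_matched


def alert_fires(text, threshold=ALERT_THRESHOLD):
    """The regex match is mandatory; keywords alone never fire the rule."""
    score, regex_matched = score_text(text)
    return regex_matched and score >= threshold


def first_alert(chunks, threshold=ALERT_THRESHOLD):
    """Re-score a growing buffer as text is typed; return the index of the
    chunk at which the alert fires, or None if it never does."""
    buffer = ""
    for i, chunk in enumerate(chunks):
        buffer += " " + chunk
        if alert_fires(buffer, threshold):
            return i
    return None


if __name__ == "__main__":
    typed = ["My card is 4111 1111 1111 1111",   # constructed test number
             "please send it to the Bank",
             "to claim your Prize Money"]
    print(first_alert(typed))                      # index of the firing chunk
    print(score_text("Draw Bank Prize Money"))     # keywords without the regex
```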
Alert Rule Scoring in GAT Shield. Dalal Alshohaib, 2018-04-17 14:01:15, 2018-04-17 14:02:20.
The Admin can then send that file to another Admin on a different domain. The second Admin can change references to the old domain and insert his address and domain into the file in the same locations. The rule can then be uploaded into the new domain with the rule ‘Upload’ button and selecting the modified json file.
Once the rule is uploaded, it can be further edited and refined by the Admin on the new domain.
In this way, rules can be shared easily between different Admins and Domains.
Export and Import GAT Shield Alert Rules for G Suite. Dalal Alshohaib, 2018-03-23 10:09:47, 2018-04-12 13:14:00.
GAT Shield has added a new alert type: Document inspection. Existing alerts monitor what the users type; now we can read documents they open. This new alert will read Google Docs and Sheets as well as Microsoft docs and sheets opened in previews and identify content to be alerted on, even if that content is not appearing on screen. The user must open the document for the alert to work. IT WILL NOT inspect documents at rest.
GAT Shield has a new Alert Type based on IP address or IP subnet. Admins can now set an alarm when a user uses a Chrome browser on a particular address or subnet. The rule can also be reversed to alarm when a device is used off an address or subnet. This is ideal for use in locations where the Google GPS function (used by GAT for map-based alerts) is not well defined or the workspace is very narrow.
How to Set an Alert Type Based IP Address or IP subnet. Dalal Alshohaib, 2017-11-29 11:25:07, 2017-11-29 11:25:44.