Conduct Payment Card Industry Data Security Standard (PCI DSS) Compliance Testing

GAT lets G Suite Admins search all Domain-wide email folders and email contents and attachments with the same ease it lets you search Domain-wide Drive folders and contents.

This is like a Gmail UI search but applied to all or some of your accounts. You can use all the search parameters described here.

The string below is the suggested opening search string for Payment Card Industry Data Security Standard (PCI DSS) compliance testing using GAT+.

(See our third-party risk assessment post addressing PCI DSSP)

Cut and paste into the ‘Gmail Search’ tab of Email audit. You may add or subtract from the list as appropriate, to a max of 1024 characters. Should you need a longer search string, use 2 searches.

‘Amex’ OR “American Express” OR ‘Mastercard’ OR ‘Visa’ OR ‘Discover’ OR “Diner’s Club” OR “Diners Club” OR ‘JCB’ OR ‘CCV’ OR ‘CID’

You will notice the string above is starting inside a bracket. This is because the full string set of strings can also be enclosed in brackets as follows:

(‘Amex’ OR “American Express” OR ‘Mastercard’ OR ‘Visa’ OR ‘Discover’ OR “Diner’s Club” OR “Diners Club” OR ‘JCB’ OR ‘CCV2’ OR ‘CID’)  

Allow some time for the search to finish, in particular for larger domains.  Searches may be confined to users, groups or OU’s to improve on-screen interaction, domain-wide (and all another type) searches may be run as scheduled jobs.

In our case, we search for the whole domain and its sub-OU.

When the scan is finished click on the green button in actions  to examine the returned results

This search ‘context’ remains in force for all subsequent filter operations. It can be further refined with any of the many other filters available.

Full-text search in the General Audit Tool happens without email extraction. This means your data never leaves your domain, the search is passed in for Google to complete. Only the metadata of emails with potential hits are passed back out. This is by far the most secure method of third-party testing for PCI compliance and means credit card details or other confidential information is not passed out to the third party and thus avoids lengthening the chain of vulnerability.

This method is also suitable for abusive language, bullying language or any other context searches.

Searching for Every Email in Every Mailbox

Gmail Search is live search for you your entire domain.
This allows you to search for any piece of text in any email in any mailbox on a Google apps domain. You can also find all emails.

Note – this process may take a long time.

In this case we are looking for every email in every mailbox. This includes all messages sent from and to our domain including “chats”.

Note: if you would like to exclude chats you simply use this: “in:all -in:chats”

When the search has finished you can click on the green button, to show the result.

Once the results are displayed you can explore all the results returned.

How to Schedule Reports for Top 10 or More Email Senders and Receivers

This post will show you how GAT+ can generate a report of all email activity for each user. The report can be scheduled daily, weekly or monthly and will be generated in the form of a spreadsheet that can be sorted by the desired column. The report will cover both internal and external email.

To start building this scheduled report the Admin should go to the Users audit first select the group or OU to report on, then select the Emails tab, followed by clicking the Show daily stats link

From there, select the ‘Schedule’ link

At this point, the Admin will be able to choose the exact type of report s/he wants.

For the daily report, select as a schedule ‘Every day – after midnight’ or choose a custom Cron period. You can also choose the report type such as ‘New spreadsheet will be created for each day’.

You may also add additional email recipients for the report.

You can now also select both the number of results you want, the order in which you want them sorted and select from a wide range of sort fields. 

Once you have made the selection, press ‘Update’ and the job will become a scheduled job for your domain. A new spreadsheet will be created every day, cover the previous day. The Admin will be emailed a link of the spreadsheet.


An example of the spreadsheet output looks like this.

Freeze row 1 and then select any column of interest,  finally sort the sheet based on that column in the Z to A order to bring the largest numbers to the top.

Here is an example of a calendar monthly aggregate report

You might also find these posts relevant:  

Demonstrating GAT+’s Powerful Reporting Range

4 Great Scheduled Audits You Should Set in GAT

Scheduled Report for Top 10 (and more) Email Senders and Receivers (by emails, by attachments, by bytes)

Report Files Created in the Last 24 Hours


How to Do an Email Header Search

GAT supports the search of all email headers in all emails for all accounts on your domain. This can be a particularly useful feature for forensic investigations, where for example you want to find all the emails that went to or from a particular IP address.

In your Gmail tab, when you are reading any message, you will see in the top right-hand corner of the message, a drop down menu.


In your Gmail tab, when you are reading any message, you will see in the top right-hand corner of the message, a drop down menu.

Selecting that drop-down allows you to select ‘Show original’ which displays the original email in raw format on a new tab.

Doing this exposes all the header information, an example snippet of which you can see on the left.

GAT allows to search this header information based on just two search criteria, the name of the header you want to find (no “:” required) and part of the string in that header.

No extra formatting is required and in the case where the header name is repeated several times, all instances of that name in all emails will be searched for.

In this example, we are searching for email that passed through a particular server identified by IP address.



The search process takes a long time so you should be prepared to go and have a cup of coffee…

When the results come back you can click on ‘Explore all emails’ to see all the emails in all accounts that match your criteria.