GAT lets G Suite Admins search all Domain-wide email folders and email contents and attachments with the same ease it lets you search Domain-wide drive folders and contents.
This is like a Gmail UI search but applied to all or some of your accounts. You can use all the search parameters described here.
The string below is the suggested opening search string for PCI compliance testing using GAT. Cut and paste into the ‘Domain Gmail Search’ field ‘ Full-Text Search’. You may add or subtract from the list as appropriate, to a max of 1024 characters. Should you need a longer search string, use 2 searches.
‘Amex’ OR “American Express” OR ‘Mastercard’ OR ‘Visa’ OR ‘Discover’ OR “Diner’s Club” OR “Diners Club” OR ‘JCB’ OR ‘CCV’ OR ‘CID’
You will notice the string above is starting inside a bracket. This is because the full string set of strings can also be enclosed in brackets as follows …
(‘Amex’ OR “American Express” OR ‘Mastercard’ OR ‘Visa’ OR ‘Discover’ OR “Diner’s Club” OR “Diners Club” OR ‘JCB’ OR ‘CCV2’ OR ‘CID’)
Allow some time for the search to finish, in particular for larger domains. Searches may be confined to users, groups or OU’s to improve on-screen interaction, domain-wide (and all another type) searches may be run as scheduled jobs.
When finished click on the link ‘Explore all emails’ to examine the returned results
This search ‘context’ remains in force for all subsequent filter operations. It can be further refined with any of the many other filters available.
To exit this context and start a new search click on ‘Exit’ as indicated in the image above.
Full-text search in the General Audit Tool happens without email extraction. This means your data never leaves your domain, the search is passed in for Google to complete. Only the metadata of emails with potential hits are passed back out. This is by far the most secure method of third-party testing for PCI compliance and means credit card details or other confidential information is not passed out to the third party and thus avoids lengthening the chain of vulnerability.
This method is also suitable for abusive language, bullying language or any other context searches.
A content search feature in the Drive Audit
How to search every email in every mailbox