About the security investigation tool

Supported editions for this feature: Frontline Standard, Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, Enterprise Essentials Plus, Cloud Identity Premium. Compare your edition

As an administrator, you can use the security investigation tool to identify, triage, and take action on security and privacy issues in your domain.

For example, you can use the investigation tool to:

  • Access data about devices.
  • Access device log data to get a clear view of the devices and applications being used to access your data.
  • Access data about Gmail messages, including email content. 
  • Access Gmail log data to find and erase malicious emails, mark emails as spam or phishing, or send emails to users’ inboxes.
  • View search results that list suspended users.
  • Access Drive log data to investigate file sharing in your organization, investigate the creation and deletion of documents, investigate who accessed documents, and more.

Administrator queries and actions in the investigation tool can be reviewed in Admin log event data (for more details, see Admin auditing for the security center).

For more details about which data sources are available in the investigation tool, go to Data sources for the security investigation tool.

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Main menu
11294681585415739937
true
Search Help Center
true
true
true
true
true
73010
false
false