- JSON representation
- RuleViolationInfo
- RuleInfo
- ResourceInfo
- MatchInfo
- UserDefinedDetectorInfo
- PredefinedDetectorInfo
- ActionInfo
Alerts that get triggered on violations of Data Loss Prevention (DLP) rules.
| JSON representation |
|---|
{
"ruleViolationInfo": {
object ( |
| Fields | |
|---|---|
ruleViolationInfo |
Details about the violated DLP rule. Admins can use the predefined detectors provided by Google Cloud DLP https://cloud.google.com/dlp/ when setting up a DLP rule. Matched Cloud DLP detectors in this violation if any will be captured in the MatchInfo.predefined_detector. |
RuleViolationInfo
Common alert information about violated rules that are configured by Google Workspace administrators.
| JSON representation |
|---|
{ "ruleInfo": { object ( |
| Fields | |
|---|---|
ruleInfo |
Details of the violated rule. |
dataSource |
Source of the data. |
trigger |
Trigger of the rule. |
triggeringUserEmail |
Email of the user who caused the violation. Value could be empty if not applicable, for example, a violation found by drive continuous scan. |
recipients[] |
Resource recipients. For Drive, they are grantees that the Drive file was shared with at the time of rule triggering. Valid values include user emails, group emails, domains, or 'anyone' if the file was publicly accessible. If the file was private the recipients list will be empty. For Gmail, they are emails of the users or groups that the Gmail message was sent to. |
resourceInfo |
Details of the resource which violated the rule. |
matchInfo[] |
List of matches that were found in the resource content. |
triggeredActionTypes[] |
Actions applied as a consequence of the rule being triggered. |
triggeredActionInfo[] |
Metadata related to the triggered actions. |
suppressedActionTypes[] |
Actions suppressed due to other actions with higher priority. |
RuleInfo
Proto that contains rule information.
| JSON representation |
|---|
{ "resourceName": string, "displayName": string } |
| Fields | |
|---|---|
resourceName |
Resource name that uniquely identifies the rule. |
displayName |
User provided name of the rule. |
ResourceInfo
Proto that contains resource information.
| JSON representation |
|---|
{ "resourceTitle": string, // Union field |
| Fields | |
|---|---|
resourceTitle |
Title of the resource, for example email subject, or document title. |
Union field resource_id. Identifier of the resource. resource_id can be only one of the following: |
|
documentId |
Drive file ID. |
MatchInfo
Proto that contains match information from the condition part of the rule.
| JSON representation |
|---|
{ // Union field |
| Fields | |
|---|---|
Union field detector_info. Matched detector information. detector_info can be only one of the following: |
|
userDefinedDetector |
For matched detector defined by administrators. |
predefinedDetector |
For matched detector predefined by Google. |
UserDefinedDetectorInfo
Detector defined by administrators.
| JSON representation |
|---|
{ "resourceName": string, "displayName": string } |
| Fields | |
|---|---|
resourceName |
Resource name that uniquely identifies the detector. |
displayName |
Display name of the detector. |
PredefinedDetectorInfo
Detector provided by Google.
| JSON representation |
|---|
{ "detectorName": string } |
| Fields | |
|---|---|
detectorName |
Name that uniquely identifies the detector. |
ActionInfo
This type has no fields.
Metadata related to the action.