DlpRuleViolation

Alerts that get triggered on violations of Data Loss Prevention (DLP) rules.

JSON representation
{
  "ruleViolationInfo": {
    object (RuleViolationInfo)
  }
}
Fields
ruleViolationInfo

object (RuleViolationInfo)

Details about the violated DLP rule.

Admins can use the predefined detectors provided by Google Cloud DLP https://cloud.google.com/dlp/ when setting up a DLP rule. Matched Cloud DLP detectors in this violation if any will be captured in the MatchInfo.predefined_detector.

RuleViolationInfo

Common alert information about violated rules that are configured by G Suite administrators.

JSON representation
{
  "ruleInfo": {
    object (RuleInfo)
  },
  "dataSource": enum (DataSource),
  "trigger": enum (Trigger),
  "triggeringUserEmail": string,
  "recipients": [
    string
  ],
  "resourceInfo": {
    object (ResourceInfo)
  },
  "matchInfo": [
    {
      object (MatchInfo)
    }
  ],
  "triggeredActionTypes": [
    enum (ActionType)
  ],
  "suppressedActionTypes": [
    enum (ActionType)
  ]
}
Fields
ruleInfo

object (RuleInfo)

Details of the violated rule.

dataSource

enum (DataSource)

Source of the data.

trigger

enum (Trigger)

Trigger of the rule.

triggeringUserEmail

string

Email of the user who caused the violation. Value could be empty if not applicable, for example, a violation found by drive continuous scan.

recipients[]

string

Resource recipients.

For Drive, they are grantees that the Drive file was shared with at the time of rule triggering. Valid values include user emails, group emails, domains, or 'anyone' if the file was publicly accessible. If the file was private the recipients list will be empty.

For Gmail, they are emails of the users or groups that the Gmail message was sent to.

resourceInfo

object (ResourceInfo)

Details of the resource which violated the rule.

matchInfo[]

object (MatchInfo)

List of matches that were found in the resource content.

triggeredActionTypes[]

enum (ActionType)

Actions applied as a consequence of the rule being triggered.

suppressedActionTypes[]

enum (ActionType)

Actions suppressed due to other actions with higher priority.

RuleInfo

Proto that contains rule information.

JSON representation
{
  "resourceName": string,
  "displayName": string
}
Fields
resourceName

string

Resource name that uniquely identifies the rule.

displayName

string

User provided name of the rule.

ResourceInfo

Proto that contains resource information.

JSON representation
{
  "resourceTitle": string,
  "documentId": string
}
Fields
resourceTitle

string

Title of the resource, for example email subject, or document title.

documentId

string

Drive file ID.

MatchInfo

Proto that contains match information from the condition part of the rule.

JSON representation
{

  // Union field detector_info can be only one of the following:
  "userDefinedDetector": {
    object (UserDefinedDetectorInfo)
  },
  "predefinedDetector": {
    object (PredefinedDetectorInfo)
  }
  // End of list of possible types for union field detector_info.
}
Fields
Union field detector_info. Matched detector information. detector_info can be only one of the following:
userDefinedDetector

object (UserDefinedDetectorInfo)

For matched detector defined by administrators.

predefinedDetector

object (PredefinedDetectorInfo)

For matched detector predefined by Google.

UserDefinedDetectorInfo

Detector defined by administrators.

JSON representation
{
  "resourceName": string,
  "displayName": string
}
Fields
resourceName

string

Resource name that uniquely identifies the detector.

displayName

string

Display name of the detector.

PredefinedDetectorInfo

Detector provided by Google.

JSON representation
{
  "detectorName": string
}
Fields
detectorName

string

Name that uniquely identifies the detector.