Chrome Audit Activity Events

This document lists the events and parameters for various types of Chrome Audit activity events. You can retrieve these events by calling Activities.list() with applicationName=chrome.

Chrome Safe Browsing password event type

A type for any Chrome Safe Browsing password events. Events of this type are returned with type=SAFE_BROWSING_PASSWORD_ALERT.

Password changed

Chrome Safe Browsing password changed event name.

Event details
Event name PASSWORD_CHANGED
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a Chrome OS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

A parameter that contains the directory API device id of the device or browser on which the event happened.

PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_USER

string

Trigger user event parameter.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

A parameter that contains the virtual device id of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=PASSWORD_CHANGED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Password changed for {TRIGGER_USER}

Password reuse

Chrome Safe Browsing password reuse event name.

Event details
Event name PASSWORD_REUSE
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a Chrome OS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

A parameter that contains the directory API device id of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_USER

string

Trigger user event parameter.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

A parameter that contains the virtual device id of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=PASSWORD_REUSE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Password reuse for {TRIGGER_USER}

Content transfer event type

A type for content transfer events. Events of this type are returned with type=CONTENT_TRANSFER_TYPE.

Content transfer

Content transfer event name.

Event details
Event name CONTENT_TRANSFER
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a Chrome OS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
CONTENT_HASH

string

Content hash event parameter.

CONTENT_NAME

string

Content name event parameter.

CONTENT_SIZE

integer

Content size event parameter.

CONTENT_TYPE

string

Content type event parameter.

DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

A parameter that contains the directory API device id of the device or browser on which the event happened.

EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

SCAN_ID

string

A parameter that contains the scan id of the content analysis scan which triggered the event.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

A parameter that contains the virtual device id of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CONTENT_TRANSFER&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Content was transfered

Content unscanned event type

A type for conent unscanned events. Events of this type are returned with type=CONTENT_UNSCANNED_TYPE.

Content unscanned

Unscanned content event name.

Event details
Event name CONTENT_UNSCANNED
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a Chrome OS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
CONTENT_HASH

string

Content hash event parameter.

CONTENT_NAME

string

Content name event parameter.

CONTENT_SIZE

integer

Content size event parameter.

CONTENT_TYPE

string

Content type event parameter.

DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

A parameter that contains the directory API device id of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

A parameter that contains the virtual device id of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CONTENT_UNSCANNED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
The transfered content was not scanned because of {EVENT_REASON_ENUM_TYPE}

Malware transfer event type

A type for malware transfer events. Events of this type are returned with type=MALWARE_TRANSFER_TYPE.

Malware transfer

Malware data transfer event name.

Event details
Event name MALWARE_TRANSFER
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a Chrome OS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
CONTENT_HASH

string

Content hash event parameter.

CONTENT_NAME

string

Content name event parameter.

CONTENT_SIZE

integer

Content size event parameter.

CONTENT_TYPE

string

Content type event parameter.

DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

A parameter that contains the directory API device id of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • WARNED
    The user was warned about the event.
EVIDENCE_LOCKER_FILEPATH

string

A parameter that contains the filepath of the evidence locker.

PROFILE_USER_NAME

string

GSuite user name of the profile.

SCAN_ID

string

A parameter that contains the scan id of the content analysis scan which triggered the event.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

A parameter that contains the virtual device id of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=MALWARE_TRANSFER&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Malware was detected in the tranferred content for {TRIGGER_USER}

Sensitive data transfer event type

A type for senstive data transfer events. Events of this type are returned with type=SENSITIVE_DATA_TRANSFER_TYPE.

Sensitive data transfer

Sensitive data transfer event name.

Event details
Event name SENSITIVE_DATA_TRANSFER
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a Chrome OS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
CONTENT_HASH

string

Content hash event parameter.

CONTENT_NAME

string

Content name event parameter.

CONTENT_SIZE

integer

Content size event parameter.

CONTENT_TYPE

string

Content type event parameter.

DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

A parameter that contains the directory API device id of the device or browser on which the event happened.

EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • WARNED
    The user was warned about the event.
EVIDENCE_LOCKER_FILEPATH

string

A parameter that contains the filepath of the evidence locker.

PROFILE_USER_NAME

string

GSuite user name of the profile.

SCAN_ID

string

A parameter that contains the scan id of the content analysis scan which triggered the event.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
TRIGGERED_RULES_REASON

string

Triggered rules reason event parameter.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

A parameter that contains the virtual device id of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=SENSITIVE_DATA_TRANSFER&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Sensitive data was detected in the transferred content for {TRIGGER_USER}

Unsafe site visit event type

A type for unsafe site visit events. Events of this type are returned with type=UNSAFE_SITE_VISIT_TYPE.

Unsafe site visit

Unsafe site visit event name.

Event details
Event name UNSAFE_SITE_VISIT
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a Chrome OS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

A parameter that contains the directory API device id of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

A parameter that contains the virtual device id of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=UNSAFE_SITE_VISIT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Unsage site visit warning shown for {TRIGGER_USER}