Chrome Audit Activity Events

This document lists the events and parameters for various types of Chrome Audit activity events. You can retrieve these events by calling Activities.list() with applicationName=chrome.

Add or remove user

A type for ChromeOS add or remove user events. Events of this type are returned with type=CHROME_OS_ADD_REMOVE_USER_TYPE.

ChromeOS user added

User added from ChromeOS.

Event details
Event name CHROME_OS_ADD_USER
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_ADD_USER&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{DEVICE_USER} has been added to ChromeOS device {DEVICE_NAME}

ChromeOS user removed

User removed from ChromeOS.

Event details
Event name CHROME_OS_REMOVE_USER
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
REMOVE_USER_REASON

string

Parameter explaining why a user was removed from a device. Possible values:

  • DEVICE_EPHEMERAL_USERS_ENABLED
    Reason why a user was removed from a device.
  • LOCAL_USER_INITIATED
    Reason why a user was removed from a device.
  • LOCAL_USER_INITIATED_ON_REQUIRED_UPDATE
    Reason why a user was removed from a device.
  • REMOTE_ADMIN_INITIATED
    Reason why a user was removed from a device.
  • USER_REMOVED_UNKNOWN_REASON
    Reason why a user was removed from a device.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_REMOVE_USER&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{DEVICE_USER} has been removed from ChromeOS device {DEVICE_NAME} due to {REMOVE_USER_REASON}

Change device boot mode

A type for device boot mode change events. Events of this type are returned with type=DEVICE_BOOT_STATE_CHANGE_TYPE.

Device boot state change

ChromeOS device boot mode changed.

Event details
Event name DEVICE_BOOT_STATE_CHANGE
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
NEW_BOOT_MODE

string

New device boot mode. Possible values:

  • DEVELOPER
    Device boot mode state.
  • UNKNOWN
    Device boot mode state.
  • VERIFIED
    Device boot mode state.
PREVIOUS_BOOT_MODE

string

Previous device boot mode. Possible values:

  • DEVELOPER
    Device boot mode state.
  • UNKNOWN
    Device boot mode state.
  • VERIFIED
    Device boot mode state.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=DEVICE_BOOT_STATE_CHANGE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Device boot mode has changed from {PREVIOUS_BOOT_MODE} to {NEW_BOOT_MODE} mode for ChromeOS device {DEVICE_NAME}

ChromeOS login or logout event type

A type for chromeos login events. Events of this type are returned with type=CHROME_OS_LOGIN_LOGOUT_TYPE.

ChromeOS login failure

ChromeOS Login Failure Event name.

Event details
Event name CHROME_OS_LOGIN_FAILURE_EVENT
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
LOGIN_FAILURE_REASON

string

Login failure event reason parameter. Possible values:

  • AUTHENTICATION_ERROR
    Reason why a login failure occurred.
  • COULD_NOT_MOUNT_TMPFS
    Reason why a login failure occurred.
  • MISSING_CRYPTOHOME
    Reason why a login failure occurred.
  • OWNER_REQUIRED
    Reason why a login failure occurred.
  • TPM_ERROR
    Reason why a login failure occurred.
  • TPM_UPDATE_REQUIRED
    Reason why a login failure occurred.
  • UNKNOWN_FAILURE
    Reason why a login failure occurred.
  • UNRECOVERABLE_CRYPTOHOME
    Reason why a login failure occurred.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_LOGIN_FAILURE_EVENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{DEVICE_USER} has attempted and failed to log into ChromeOS device {DEVICE_NAME} due to {LOGIN_FAILURE_REASON}

ChromeOS login or logout

ChromeOS Login Logout Event name.

Event details
Event name CHROME_OS_LOGIN_LOGOUT_EVENT
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_LOGIN_LOGOUT_EVENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{DEVICE_USER} successfully logged in or out of device {DEVICE_NAME}

ChromeOS login success

ChromeOS Login Event name.

Event details
Event name CHROME_OS_LOGIN_EVENT
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_LOGIN_EVENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{DEVICE_USER} has successfully logged into ChromeOS device {DEVICE_NAME}

ChromeOS logout

ChromeOS Logout Event name.

Event details
Event name CHROME_OS_LOGOUT_EVENT
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_LOGOUT_EVENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{DEVICE_USER} has successfully logged out from ChromeOS device {DEVICE_NAME}

ChromeOS reporting data error type

A type for ChromeOS reporting data error events. Events of this type are returned with type=CHROME_OS_REPORTING_DATA_LOST_TYPE.

ChromeOS reporting data error

ChromeOS reporting data error event name.

Event details
Event name CHROME_OS_REPORTING_DATA_LOST
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_REPORTING_DATA_LOST&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
An event was expected to be reported but failed to complete for device {DEVICE_NAME}

Chrome Safe Browsing password event type

A type for any Chrome Safe Browsing password events. Events of this type are returned with type=SAFE_BROWSING_PASSWORD_ALERT.

Password changed

Chrome Safe Browsing password changed event name.

Event details
Event name PASSWORD_CHANGED
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_USER

string

Trigger user event parameter.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=PASSWORD_CHANGED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Password changed for {TRIGGER_USER}

Password reuse

Chrome Safe Browsing password reuse event name.

Event details
Event name PASSWORD_REUSE
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_USER

string

Trigger user event parameter.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=PASSWORD_REUSE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Password reuse for {TRIGGER_USER}

ChromeOS Dlp Event

A type for ChromeOS DlpEvent events, indicating that one defined DLP rule has been hit. Events of this type are returned with type=DLP_EVENTS_TYPE.

Data access control

ChromeOS Dlp Event name.

Event details
Event name DLP_EVENT
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_DESTINATION

string

A parameter that contains the destination of the rule which triggered the event.

TRIGGER_SOURCE

string

A parameter that contains the source of the rule which triggered the event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • CLIPBOARD
    ChromeOS Dlp Chlipboard rule triggered description.
  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • EPRIVACY
    ChromeOS Dlp Eprivacy Screen rule triggered description.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • PASSWORD_ENTRY
    The password breach trigger is a password entry by a user on a website.
  • PASSWORD_SAFETY_CHECK
    The password breach trigger is a safety check initiated by the user in settings.
  • PRINTING
    ChromeOS Dlp Printing rule triggered description.
  • SCREENCAST
    ChromeOS Dlp Screencast rule triggered description.
  • SCREENSHOT
    ChromeOS Dlp Screenshot rule triggered description.
  • UNDEFINED
    ChromeOS Dlp Undefined rule triggered description.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
TRIGGERED_RULES_REASON

string

Triggered rules reason event parameter.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=DLP_EVENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Data access control rule triggered by ChromeOS

Content transfer event type

A type for content transfer events. Events of this type are returned with type=CONTENT_TRANSFER_TYPE.

Content transfer

Content transfer event name.

Event details
Event name CONTENT_TRANSFER
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
CONTENT_HASH

string

Content hash event parameter.

CONTENT_NAME

string

Content name event parameter.

CONTENT_SIZE

integer

Content size event parameter.

CONTENT_TYPE

string

Content type event parameter.

DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

SCAN_ID

string

A parameter that contains the scan id of the content analysis scan which triggered the event.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • CLIPBOARD
    ChromeOS Dlp Chlipboard rule triggered description.
  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • EPRIVACY
    ChromeOS Dlp Eprivacy Screen rule triggered description.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • PASSWORD_ENTRY
    The password breach trigger is a password entry by a user on a website.
  • PASSWORD_SAFETY_CHECK
    The password breach trigger is a safety check initiated by the user in settings.
  • PRINTING
    ChromeOS Dlp Printing rule triggered description.
  • SCREENCAST
    ChromeOS Dlp Screencast rule triggered description.
  • SCREENSHOT
    ChromeOS Dlp Screenshot rule triggered description.
  • UNDEFINED
    ChromeOS Dlp Undefined rule triggered description.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CONTENT_TRANSFER&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Content was transfered

Content unscanned event type

A type for conent unscanned events. Events of this type are returned with type=CONTENT_UNSCANNED_TYPE.

Content unscanned

Unscanned content event name.

Event details
Event name CONTENT_UNSCANNED
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
CONTENT_HASH

string

Content hash event parameter.

CONTENT_NAME

string

Content name event parameter.

CONTENT_SIZE

integer

Content size event parameter.

CONTENT_TYPE

string

Content type event parameter.

DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • CLIPBOARD
    ChromeOS Dlp Chlipboard rule triggered description.
  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • EPRIVACY
    ChromeOS Dlp Eprivacy Screen rule triggered description.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • PASSWORD_ENTRY
    The password breach trigger is a password entry by a user on a website.
  • PASSWORD_SAFETY_CHECK
    The password breach trigger is a safety check initiated by the user in settings.
  • PRINTING
    ChromeOS Dlp Printing rule triggered description.
  • SCREENCAST
    ChromeOS Dlp Screencast rule triggered description.
  • SCREENSHOT
    ChromeOS Dlp Screenshot rule triggered description.
  • UNDEFINED
    ChromeOS Dlp Undefined rule triggered description.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CONTENT_UNSCANNED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
The transfered content was not scanned because of {EVENT_REASON_ENUM_TYPE}

Extension request event type

A type for extension request events. Events of this type are returned with type=EXTENSION_REQUEST_TYPE.

Extension request

Extension request event name.

Event details
Event name EXTENSION_REQUEST
Parameters
APP_NAME

string

App name.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_NAME

string

Device name event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

ORG_UNIT_NAME

string

Org unit name.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

USER_JUSTIFICATION

string

A parameter that contains a justification message provided by users.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=EXTENSION_REQUEST&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Request for extension {APP_NAME} was received

Login event type

A type for login events. Events of this type are returned with type=LOGIN_EVENT_TYPE.

Login

Login event name.

Event details
Event name LOGIN_EVENT
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

FEDERATED_ORIGIN

string

A parameter that contains the domain of the federated 3rd party provding the login flow.

IS_FEDERATED

boolean

A parameter that contains whether the login is through a federated 3rd party.

LOGIN_USER_NAME

string

A Parameter that contains the username used by the user when performing the login that triggered the login event report.

PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=LOGIN_EVENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
A login was performed

Malware transfer event type

A type for malware transfer events. Events of this type are returned with type=MALWARE_TRANSFER_TYPE.

Malware transfer

Malware data transfer event name.

Event details
Event name MALWARE_TRANSFER
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
CONTENT_HASH

string

Content hash event parameter.

CONTENT_NAME

string

Content name event parameter.

CONTENT_SIZE

integer

Content size event parameter.

CONTENT_TYPE

string

Content type event parameter.

DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
EVIDENCE_LOCKER_FILEPATH

string

A parameter that contains the filepath of the evidence locker.

PROFILE_USER_NAME

string

GSuite user name of the profile.

SCAN_ID

string

A parameter that contains the scan id of the content analysis scan which triggered the event.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • CLIPBOARD
    ChromeOS Dlp Chlipboard rule triggered description.
  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • EPRIVACY
    ChromeOS Dlp Eprivacy Screen rule triggered description.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • PASSWORD_ENTRY
    The password breach trigger is a password entry by a user on a website.
  • PASSWORD_SAFETY_CHECK
    The password breach trigger is a safety check initiated by the user in settings.
  • PRINTING
    ChromeOS Dlp Printing rule triggered description.
  • SCREENCAST
    ChromeOS Dlp Screencast rule triggered description.
  • SCREENSHOT
    ChromeOS Dlp Screenshot rule triggered description.
  • UNDEFINED
    ChromeOS Dlp Undefined rule triggered description.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

USER_JUSTIFICATION

string

A parameter that contains a justification message provided by users.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=MALWARE_TRANSFER&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Malware was detected in the tranferred content for {TRIGGER_USER}

Password breach event type

A type for password breach events, indicating that one of the user's password was identified as being leaked. Events of this type are returned with type=PASSWORD_BREACH_TYPE.

Password breach

Password breach event name.

Event details
Event name PASSWORD_BREACH
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • CLIPBOARD
    ChromeOS Dlp Chlipboard rule triggered description.
  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • EPRIVACY
    ChromeOS Dlp Eprivacy Screen rule triggered description.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • PASSWORD_ENTRY
    The password breach trigger is a password entry by a user on a website.
  • PASSWORD_SAFETY_CHECK
    The password breach trigger is a safety check initiated by the user in settings.
  • PRINTING
    ChromeOS Dlp Printing rule triggered description.
  • SCREENCAST
    ChromeOS Dlp Screencast rule triggered description.
  • SCREENSHOT
    ChromeOS Dlp Screenshot rule triggered description.
  • UNDEFINED
    ChromeOS Dlp Undefined rule triggered description.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
TRIGGER_USER

string

Trigger user event parameter.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=PASSWORD_BREACH&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
A user's password was breached

Sensitive data transfer event type

A type for senstive data transfer events. Events of this type are returned with type=SENSITIVE_DATA_TRANSFER_TYPE.

Sensitive data transfer

Sensitive data transfer event name.

Event details
Event name SENSITIVE_DATA_TRANSFER
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
CONTENT_HASH

string

Content hash event parameter.

CONTENT_NAME

string

Content name event parameter.

CONTENT_SIZE

integer

Content size event parameter.

CONTENT_TYPE

string

Content type event parameter.

DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
EVIDENCE_LOCKER_FILEPATH

string

A parameter that contains the filepath of the evidence locker.

PROFILE_USER_NAME

string

GSuite user name of the profile.

SCAN_ID

string

A parameter that contains the scan id of the content analysis scan which triggered the event.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • CLIPBOARD
    ChromeOS Dlp Chlipboard rule triggered description.
  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • EPRIVACY
    ChromeOS Dlp Eprivacy Screen rule triggered description.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • PASSWORD_ENTRY
    The password breach trigger is a password entry by a user on a website.
  • PASSWORD_SAFETY_CHECK
    The password breach trigger is a safety check initiated by the user in settings.
  • PRINTING
    ChromeOS Dlp Printing rule triggered description.
  • SCREENCAST
    ChromeOS Dlp Screencast rule triggered description.
  • SCREENSHOT
    ChromeOS Dlp Screenshot rule triggered description.
  • UNDEFINED
    ChromeOS Dlp Undefined rule triggered description.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
TRIGGERED_RULES_REASON

string

Triggered rules reason event parameter.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

USER_JUSTIFICATION

string

A parameter that contains a justification message provided by users.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=SENSITIVE_DATA_TRANSFER&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Sensitive data was detected in the transferred content for {TRIGGER_USER}

Unsafe site visit event type

A type for unsafe site visit events. Events of this type are returned with type=UNSAFE_SITE_VISIT_TYPE.

Unsafe site visit

Unsafe site visit event name.

Event details
Event name UNSAFE_SITE_VISIT
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=UNSAFE_SITE_VISIT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Unsafe site visit warning shown for {TRIGGER_USER}