Chrome Audit Activity Events

Stay organized with collections Save and categorize content based on your preferences.

This document lists the events and parameters for various types of Chrome Audit activity events. You can retrieve these events by calling Activities.list() with applicationName=chrome.

Add or remove user

A type for ChromeOS add or remove user events. Events of this type are returned with type=CHROME_OS_ADD_REMOVE_USER_TYPE.

ChromeOS user added

User added from ChromeOS.

Event details
Event name CHROME_OS_ADD_USER
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_ADD_USER&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{DEVICE_USER} has been added to ChromeOS device {DEVICE_NAME}

ChromeOS user removed

User removed from ChromeOS.

Event details
Event name CHROME_OS_REMOVE_USER
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
REMOVE_USER_REASON

string

Parameter explaining why a user was removed from a device. Possible values:

  • DEVICE_EPHEMERAL_USERS_ENABLED
    Reason why a user was removed from a device.
  • LOCAL_USER_INITIATED
    Reason why a user was removed from a device.
  • LOCAL_USER_INITIATED_ON_REQUIRED_UPDATE
    Reason why a user was removed from a device.
  • REMOTE_ADMIN_INITIATED
    Reason why a user was removed from a device.
  • USER_REMOVED_UNKNOWN_REASON
    Reason why a user was removed from a device.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_REMOVE_USER&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{DEVICE_USER} has been removed from ChromeOS device {DEVICE_NAME} due to {REMOVE_USER_REASON}

Change device boot mode

A type for device boot mode change events. Events of this type are returned with type=DEVICE_BOOT_STATE_CHANGE_TYPE.

Device boot state change

ChromeOS device boot mode changed.

Event details
Event name DEVICE_BOOT_STATE_CHANGE
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
NEW_BOOT_MODE

string

New device boot mode. Possible values:

  • DEVELOPER
    Device boot mode state.
  • UNKNOWN
    Device boot mode state.
  • VERIFIED
    Device boot mode state.
PREVIOUS_BOOT_MODE

string

Previous device boot mode. Possible values:

  • DEVELOPER
    Device boot mode state.
  • UNKNOWN
    Device boot mode state.
  • VERIFIED
    Device boot mode state.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=DEVICE_BOOT_STATE_CHANGE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Device boot mode has changed from {PREVIOUS_BOOT_MODE} to {NEW_BOOT_MODE} mode for ChromeOS device {DEVICE_NAME}

ChromeOS login or logout event type

A type for chromeos login events. Events of this type are returned with type=CHROME_OS_LOGIN_LOGOUT_TYPE.

ChromeOS login failure

ChromeOS Login Failure Event name.

Event details
Event name CHROME_OS_LOGIN_FAILURE_EVENT
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
LOGIN_FAILURE_REASON

string

Login failure event reason parameter. Possible values:

  • AUTHENTICATION_ERROR
    Reason why a login failure occurred.
  • COULD_NOT_MOUNT_TMPFS
    Reason why a login failure occurred.
  • MISSING_CRYPTOHOME
    Reason why a login failure occurred.
  • OWNER_REQUIRED
    Reason why a login failure occurred.
  • TPM_ERROR
    Reason why a login failure occurred.
  • TPM_UPDATE_REQUIRED
    Reason why a login failure occurred.
  • UNKNOWN_FAILURE
    Reason why a login failure occurred.
  • UNRECOVERABLE_CRYPTOHOME
    Reason why a login failure occurred.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_LOGIN_FAILURE_EVENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{DEVICE_USER} has attempted and failed to log into ChromeOS device {DEVICE_NAME} due to {LOGIN_FAILURE_REASON}

ChromeOS login or logout

ChromeOS Login Logout Event name.

Event details
Event name CHROME_OS_LOGIN_LOGOUT_EVENT
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_LOGIN_LOGOUT_EVENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{DEVICE_USER} successfully logged in or out of device {DEVICE_NAME}

ChromeOS login success

ChromeOS Login Event name.

Event details
Event name CHROME_OS_LOGIN_EVENT
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_LOGIN_EVENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{DEVICE_USER} has successfully logged into ChromeOS device {DEVICE_NAME}

ChromeOS logout

ChromeOS Logout Event name.

Event details
Event name CHROME_OS_LOGOUT_EVENT
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_LOGOUT_EVENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{DEVICE_USER} has successfully logged out from ChromeOS device {DEVICE_NAME}

ChromeOS reporting data error type

A type for ChromeOS reporting data error events. Events of this type are returned with type=CHROME_OS_REPORTING_DATA_LOST_TYPE.

ChromeOS reporting data error

ChromeOS reporting data error event name.

Event details
Event name CHROME_OS_REPORTING_DATA_LOST
Parameters
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CHROME_OS_REPORTING_DATA_LOST&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
An event was expected to be reported but failed to complete for device {DEVICE_NAME}

Chrome Safe Browsing password event type

A type for any Chrome Safe Browsing password events. Events of this type are returned with type=SAFE_BROWSING_PASSWORD_ALERT.

Password changed

Chrome Safe Browsing password changed event name.

Event details
Event name PASSWORD_CHANGED
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_USER

string

Trigger user event parameter.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=PASSWORD_CHANGED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Password changed for {TRIGGER_USER}

Password reuse

Chrome Safe Browsing password reuse event name.

Event details
Event name PASSWORD_REUSE
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_USER

string

Trigger user event parameter.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=PASSWORD_REUSE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Password reuse for {TRIGGER_USER}

ChromeOS Dlp Event

A type for ChromeOS DlpEvent events, indicating that one defined DLP rule has been hit. Events of this type are returned with type=DLP_EVENTS_TYPE.

Data access control

ChromeOS Dlp Event name.

Event details
Event name DLP_EVENT
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_DESTINATION

string

A parameter that contains the destination of the rule which triggered the event.

TRIGGER_SOURCE

string

A parameter that contains the source of the rule which triggered the event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • CLIPBOARD
    ChromeOS Dlp Chlipboard rule triggered description.
  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • EPRIVACY
    ChromeOS Dlp Eprivacy Screen rule triggered description.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • PASSWORD_ENTRY
    The password breach trigger is a password entry by a user on a website.
  • PASSWORD_SAFETY_CHECK
    The password breach trigger is a safety check initiated by the user in settings.
  • PRINTING
    ChromeOS Dlp Printing rule triggered description.
  • SCREENCAST
    ChromeOS Dlp Screencast rule triggered description.
  • SCREENSHOT
    ChromeOS Dlp Screenshot rule triggered description.
  • UNDEFINED
    ChromeOS Dlp Undefined rule triggered description.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
TRIGGERED_RULES_REASON

string

Triggered rules reason event parameter.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=DLP_EVENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Data access control rule triggered by ChromeOS

Content transfer event type

A type for content transfer events. Events of this type are returned with type=CONTENT_TRANSFER_TYPE.

Content transfer

Content transfer event name.

Event details
Event name CONTENT_TRANSFER
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
CONTENT_HASH

string

Content hash event parameter.

CONTENT_NAME

string

Content name event parameter.

CONTENT_SIZE

integer

Content size event parameter.

CONTENT_TYPE

string

Content type event parameter.

DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

SCAN_ID

string

A parameter that contains the scan id of the content analysis scan which triggered the event.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • CLIPBOARD
    ChromeOS Dlp Chlipboard rule triggered description.
  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • EPRIVACY
    ChromeOS Dlp Eprivacy Screen rule triggered description.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • PASSWORD_ENTRY
    The password breach trigger is a password entry by a user on a website.
  • PASSWORD_SAFETY_CHECK
    The password breach trigger is a safety check initiated by the user in settings.
  • PRINTING
    ChromeOS Dlp Printing rule triggered description.
  • SCREENCAST
    ChromeOS Dlp Screencast rule triggered description.
  • SCREENSHOT
    ChromeOS Dlp Screenshot rule triggered description.
  • UNDEFINED
    ChromeOS Dlp Undefined rule triggered description.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CONTENT_TRANSFER&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Content was transfered

Content unscanned event type

A type for conent unscanned events. Events of this type are returned with type=CONTENT_UNSCANNED_TYPE.

Content unscanned

Unscanned content event name.

Event details
Event name CONTENT_UNSCANNED
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
CONTENT_HASH

string

Content hash event parameter.

CONTENT_NAME

string

Content name event parameter.

CONTENT_SIZE

integer

Content size event parameter.

CONTENT_TYPE

string

Content type event parameter.

DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • CLIPBOARD
    ChromeOS Dlp Chlipboard rule triggered description.
  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • EPRIVACY
    ChromeOS Dlp Eprivacy Screen rule triggered description.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • PASSWORD_ENTRY
    The password breach trigger is a password entry by a user on a website.
  • PASSWORD_SAFETY_CHECK
    The password breach trigger is a safety check initiated by the user in settings.
  • PRINTING
    ChromeOS Dlp Printing rule triggered description.
  • SCREENCAST
    ChromeOS Dlp Screencast rule triggered description.
  • SCREENSHOT
    ChromeOS Dlp Screenshot rule triggered description.
  • UNDEFINED
    ChromeOS Dlp Undefined rule triggered description.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=CONTENT_UNSCANNED&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
The transfered content was not scanned because of {EVENT_REASON_ENUM_TYPE}

Extension request event type

A type for extension request events. Events of this type are returned with type=EXTENSION_REQUEST_TYPE.

Extension request

Extension request event name.

Event details
Event name EXTENSION_REQUEST
Parameters
APP_NAME

string

App name.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_NAME

string

Device name event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

ORG_UNIT_NAME

string

Org unit name.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

USER_JUSTIFICATION

string

A parameter that contains a justification message provided by users.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=EXTENSION_REQUEST&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Request for extension {APP_NAME} was received

Login event type

A type for login events. Events of this type are returned with type=LOGIN_EVENT_TYPE.

Login

Login event name.

Event details
Event name LOGIN_EVENT
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

FEDERATED_ORIGIN

string

A parameter that contains the domain of the federated 3rd party provding the login flow.

IS_FEDERATED

boolean

A parameter that contains whether the login is through a federated 3rd party.

LOGIN_USER_NAME

string

A Parameter that contains the username used by the user when performing the login that triggered the login event report.

PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=LOGIN_EVENT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
A login was performed

Malware transfer event type

A type for malware transfer events. Events of this type are returned with type=MALWARE_TRANSFER_TYPE.

Malware transfer

Malware data transfer event name.

Event details
Event name MALWARE_TRANSFER
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
CONTENT_HASH

string

Content hash event parameter.

CONTENT_NAME

string

Content name event parameter.

CONTENT_SIZE

integer

Content size event parameter.

CONTENT_TYPE

string

Content type event parameter.

DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
EVIDENCE_LOCKER_FILEPATH

string

A parameter that contains the filepath of the evidence locker.

PROFILE_USER_NAME

string

GSuite user name of the profile.

SCAN_ID

string

A parameter that contains the scan id of the content analysis scan which triggered the event.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • CLIPBOARD
    ChromeOS Dlp Chlipboard rule triggered description.
  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • EPRIVACY
    ChromeOS Dlp Eprivacy Screen rule triggered description.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • PASSWORD_ENTRY
    The password breach trigger is a password entry by a user on a website.
  • PASSWORD_SAFETY_CHECK
    The password breach trigger is a safety check initiated by the user in settings.
  • PRINTING
    ChromeOS Dlp Printing rule triggered description.
  • SCREENCAST
    ChromeOS Dlp Screencast rule triggered description.
  • SCREENSHOT
    ChromeOS Dlp Screenshot rule triggered description.
  • UNDEFINED
    ChromeOS Dlp Undefined rule triggered description.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

USER_JUSTIFICATION

string

A parameter that contains a justification message provided by users.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=MALWARE_TRANSFER&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Malware was detected in the tranferred content for {TRIGGER_USER}

Password breach event type

A type for password breach events, indicating that one of the user's password was identified as being leaked. Events of this type are returned with type=PASSWORD_BREACH_TYPE.

Password breach

Password breach event name.

Event details
Event name PASSWORD_BREACH
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • CLIPBOARD
    ChromeOS Dlp Chlipboard rule triggered description.
  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • EPRIVACY
    ChromeOS Dlp Eprivacy Screen rule triggered description.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • PASSWORD_ENTRY
    The password breach trigger is a password entry by a user on a website.
  • PASSWORD_SAFETY_CHECK
    The password breach trigger is a safety check initiated by the user in settings.
  • PRINTING
    ChromeOS Dlp Printing rule triggered description.
  • SCREENCAST
    ChromeOS Dlp Screencast rule triggered description.
  • SCREENSHOT
    ChromeOS Dlp Screenshot rule triggered description.
  • UNDEFINED
    ChromeOS Dlp Undefined rule triggered description.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
TRIGGER_USER

string

Trigger user event parameter.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=PASSWORD_BREACH&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
A user's password was breached

Sensitive data transfer event type

A type for senstive data transfer events. Events of this type are returned with type=SENSITIVE_DATA_TRANSFER_TYPE.

Sensitive data transfer

Sensitive data transfer event name.

Event details
Event name SENSITIVE_DATA_TRANSFER
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
CONTENT_HASH

string

Content hash event parameter.

CONTENT_NAME

string

Content name event parameter.

CONTENT_SIZE

integer

Content size event parameter.

CONTENT_TYPE

string

Content type event parameter.

DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
EVIDENCE_LOCKER_FILEPATH

string

A parameter that contains the filepath of the evidence locker.

PROFILE_USER_NAME

string

GSuite user name of the profile.

SCAN_ID

string

A parameter that contains the scan id of the content analysis scan which triggered the event.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_TYPE

string

Event trigger type parameter. Possible values:

  • CLIPBOARD
    ChromeOS Dlp Chlipboard rule triggered description.
  • DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
    The data transfer trigger is unknown.
  • EPRIVACY
    ChromeOS Dlp Eprivacy Screen rule triggered description.
  • FILE_DOWNLOAD
    The data transfer trigger is a file download.
  • FILE_UPLOAD
    The data transfer trigger is a file upload.
  • PASSWORD_ENTRY
    The password breach trigger is a password entry by a user on a website.
  • PASSWORD_SAFETY_CHECK
    The password breach trigger is a safety check initiated by the user in settings.
  • PRINTING
    ChromeOS Dlp Printing rule triggered description.
  • SCREENCAST
    ChromeOS Dlp Screencast rule triggered description.
  • SCREENSHOT
    ChromeOS Dlp Screenshot rule triggered description.
  • UNDEFINED
    ChromeOS Dlp Undefined rule triggered description.
  • WEB_CONTENT_UPLOAD
    The data transfer trigger is a web content upload.
TRIGGERED_RULES_REASON

string

Triggered rules reason event parameter.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

USER_JUSTIFICATION

string

A parameter that contains a justification message provided by users.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=SENSITIVE_DATA_TRANSFER&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Sensitive data was detected in the transferred content for {TRIGGER_USER}

Unsafe site visit event type

A type for unsafe site visit events. Events of this type are returned with type=UNSAFE_SITE_VISIT_TYPE.

Unsafe site visit

Unsafe site visit event name.

Event details
Event name UNSAFE_SITE_VISIT
Parameters
BROWSER_VERSION

string

Browser version event parameter.

CLIENT_TYPE

string

Event client type parameter. Possible values:

  • CHROME_BROWSER
    The client is a Chrome browser.
  • CHROME_OS_DEVICE
    The client is a ChromeOS device.
  • CHROME_PROFILE
    The client is a Chrome profile.
  • CLIENT_TYPE_UNSPECIFIED
    The client type is unknown.
DEVICE_ID

string

Device id event name.

DEVICE_NAME

string

Device name event parameter.

DEVICE_PLATFORM

string

Device platform event parameter.

DEVICE_USER

string

Device user name event parameter.

DIRECTORY_DEVICE_ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_REASON

string

Event reason event parameter. Possible values:

  • CHROME_OS_DATA_LOST_DETECTED
    ChromeOS reporting data error detected.
  • CHROME_OS_DEV_MODE
    Reason for switching from verified to developer mode events.
  • CHROME_OS_VERIFIED_MODE
    Reason for switching from developer to verified mode events.
  • CHROMEOS_AFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_AFFILIATED_USER_ADDED
    An affiliated user was added to ChromeOS.
  • CHROMEOS_AFFILIATED_USER_REMOVED
    An affiliated user was removed from ChromeOS.
  • CHROMEOS_GUEST_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_GUEST_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_LOGIN_LOGOUT_UNKNOWN
    Reason a Login/Logout event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGIN
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_LOGOUT
    Reason a Login/Logout Event was recorded.
  • CHROMEOS_UNAFFILIATED_USER_ADDED
    An unaffiliated user was added to ChromeOS.
  • CHROMEOS_UNAFFILIATED_USER_REMOVED
    An unaffiliated user was removed from ChromeOS.
  • CONTENT_UNSCANNED_DLP_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for DLP.
  • CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
    The reason for the unscanned content event is a password protected file.
  • CONTENT_UNSCANNED_FILE_TOO_LARGE
    The reason for the unscanned content event is a file too large.
  • CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
    The reason for the unscanned content event is a failure to scan for malware.
  • CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
    The reason for the unscanned content event is a file of an unsupported type for malware scan.
  • CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
    The reason for the unscanned content event is a service unavailable.
  • CONTENT_UNSCANNED_TIMEOUT
    The reason for the unscanned content event that the request timed out.
  • CONTENT_UNSCANNED_TOO_MANY_REQUESTS
    The reason for the unscanned content event is that too many requests were sent.
  • EVENT_REASON_DLP_EVENT
    ChromeOS Dlp Event is the reason for the event.
  • EVENT_REASON_UNSPECIFIED
    The reason for the event was not specified.
  • MALWARE_TRANSFER_DANGEROUS
    The reason for the malware transfer event is a dangerous file.
  • MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
    The reason for the malware transfer event is a dangerous file type.
  • MALWARE_TRANSFER_DANGEROUS_HOST
    The reason for the malware transfer event is a dangerous host.
  • MALWARE_TRANSFER_DANGEROUS_URL
    The reason for the malware transfer event is a dangerous URL.
  • MALWARE_TRANSFER_UNCOMMON
    The reason for the malware transfer event is an uncommon transfer.
  • MALWARE_TRANSFER_UNKNOWN
    The reason for the malware transfer event is unknown.
  • MALWARE_TRANSFER_UNWANTED_SOFTWARE
    The reason for the malware transfer event is an unwanted software file.
  • PASSWORD_REUSED_PHISHING_URL
    The password reuse event happened on a phishing URL.
  • PASSWORD_REUSED_UNAUTHORIZED_SITE
    The password reuse event happened on an unauthorized site.
  • UNSAFE_SITE_VISIT_MALWARE
    The reason for the unsafe site visit event is malware.
  • UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
    The reason for the unsafe site visit event is social engineering.
  • UNSAFE_SITE_VISIT_SSL_ERROR
    The reason for the unsafe site visit event is an SSL error.
  • UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
    The reason for the unsafe site visit event is unwanted software.
EVENT_RESULT

string

Event result event parameter. Possible values:

  • ALLOWED
    The user was allowed to continue after the event.
  • BLOCKED
    The user was blocked from continuing after the event.
  • BLOCKED
    A scan resulted in a blocking of a potential data leakage.
  • BYPASSED
    The user bypassed the event.
  • DETECTED
    A scan resulted in a detection of a potential security threat.
  • REPORTED
    A scan resulted in a reporting of a potential data leakage.
  • WARNED
    The user was warned about the event.
PROFILE_USER_NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

URL

string

The URL that event happened on.

USER_AGENT

string

User agent event parameter.

VIRTUAL_DEVICE_ID

string

Virtual device ID of the browser on which the event happened.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/chrome?eventName=UNSAFE_SITE_VISIT&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Unsafe site visit warning shown for {TRIGGER_USER}