Tag
medium
advisory
Google Workspace Suspicious Login Activity
3 rules 1 TTPDetect Google Workspace login activity that Google has classified as suspicious, potentially indicating initial access, privilege escalation, defense evasion, or persistence attempts.
Google Workspace
initial-access
privilege-escalation
defense-evasion
persistence
gworkspace
3r
1t
medium
advisory
Detection of Out-of-Domain Email Forwarding in Google Workspace
2 rules 1 TTPDetects automatic email forwarding to external domains in Google Workspace, which may indicate data leakage or misuse by malicious insiders or compromised accounts.
Google Workspace
data-leakage
gworkspace
email-forwarding
2r
1t