Google G Suite Activity Reports sample event messages

Use these sample event messages as a way of verifying a successful integration with QRadar.

The following table provides sample event messages when you use the Google G Suite Activity Reports REST API protocol for the Google G Suite Activity Reports DSM.
Table 1. Google G Suite Activity Reports sample message supported by Google G Suite Activity Reports.
Event name Low-level category Sample log message
Login_success User login success
{"actor"{"email":"xxx@xxxxxx.xxx","profileId":"xxxxxxxxxxxxxxxxx"},"etag":"\"3InmzELrmhMYx7Wvxlz3NllOopE/m2bw4uWdXlHjVQ4P1Az5ED46P4w\"","events":[{"name":"login_success","parameters":[{"name":"login_type","value":"google_password"},{"multiValue":["password"],"name":"login_challenge_method"},{"boolValue":false,"name":"is_suspicious"}],"type":"login"}],"id":{"applicationName":"login","customerId":"xxxxxxx","time":"2019-05-22T20:03:42.047Z","uniqueQualifier":"239837479183"},"ipAddress":"<IP_address>","kind":"admin#reports#activity"}
edit Update Activity Succeeded
{"actor"{"email":"xxx@xxxxxx.xxx","profileId"
:"xxxxxxxxxxxxxxxxx"},"etag":"\"3InmzELrmhMYx7Wvxlz3Nl
lOopE/9tDfe88oL_ydXHALurRrMoRrLH4\"","events":[{"name"
:"edit","parameters":[{"boolValue":true,"name":"primar
y_event"},{"boolValue":true,"name":"billable"},{"name"
:"doc_id","value":"1rLEPjwJTitDL08LKhU0QlGxWE7yzNWRiCV
rRQ0KfN9Y"},{"name":"doc_type","value":"document"},{"
name":"doc_title","value":"Untitleddocument"},{"name"
:"visibility","value":"private"},{"name":"owner","va
lue":"xxx@xxxxxx.xxx"},{"boolValue":false,"name":"ow
ner_is_team_drive"}],"type":"access"}],"id":{"applic
ationName":"drive","customerId":"xxxxxxx","time":"20
19-0603T16:38:11.461Z","uniqueQualifier":"6949699212
699371308"},"ipAddress":"<IP_address>","kind":"admi
n#reports#activity"