Use the alert center - Google Workspace Admin Help (2024)

The alert center includes two types of pages:

  • A list of alerts affecting your domain—This page is displayed after you sign in to the Google Admin console and navigate to the alert center. This list can span several pages, depending on the number of alerts that are active.
  • A details page that provides more information about each alert—You can access the details by clicking any item on the list of alerts.

To accessthe alert center:

  1. Sign in to your GoogleAdminconsole.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to MenuUse the alert center - Google Workspace Admin Help (1)Use the alert center - Google Workspace Admin Help (2)Use the alert center - Google Workspace Admin Help (3)SecurityUse the alert center - Google Workspace Admin Help (4)Alert center.

Access the alert centerfrom anywherein the Admin console

From anywhere in theGoogleAdmin console, you can view the Alerts widget to get a quick view of alerts affecting your domain. The Alerts widget includes a list of alerts, a short descriptionfor each alert, and the severity level(High, Medium, or Low).

To open the Alerts widget, click the bell iconUse the alert center - Google Workspace Admin Help (5)at the top of any page in the Admin console. To access the alert details for a specific alert, click one of the line items in the widget. To access the complete list of alerts in the alert center, click View all.

View your list ofalerts

After opening the alert center, a list is displayed that specifies the various alerts that are affecting your domain. Using this list, youcan quickly determine how many alerts are currently active. Items in this list include a short description for each alert, the alert type, and the date for the alert.

See the sections below for more information.

Use filters to narrow your list of alerts

The alert center provides an overview of the different types of alerts that are affecting your domain. You can narrow the list that's displayed in the Alert Center by filtering for certain types of alerts or by filtering for a range of dates, or both. You can also create filters based on other alert criteria—for example, status, severity, assignee, or user email.

Display specific alert types:

  1. From the list view in the alert center, click Add a filter.
  2. Choose your criteria for the filter from the list—for example, click Alert type.
  3. From the Alert typewindow, check the boxes for the relevant alert types.
  4. Click APPLY.

    After applying your filter, a list is displayed that corresponds to the relevant alert types. You can then click any item in the list to view details about analert.

Display alerts in specific date ranges:

  1. From the list view in the alert center, click Add a filter.
  2. Choose your criteria for the filter from the list—for example, clickDate range.
  3. From the Date rangewindow, select a date range for the alert.
  4. Click APPLY.

    After applying your filter, a list is displayed that corresponds to the alerts in the date rangethat you specified. You can then click any item in the list to view details about analert.

Save a set of alert filters

If you need to use aset of filters in the alert center more than once, you can save that set offilters, and then return to them later as needed.To save a set of alert filters:

  1. From the list view in the alert center, click Add a filter.
  2. Choose your criteria for the filter from the list—for example, click Status.
  3. From the Status window, check Not started, In progress, or Closed.
  4. Click APPLY.
  5. Click Saved Filters.
  6. Click SAVE CURRENT FILTER.
  7. Type a name for the filter—for example, typeStatus not started.
  8. Click SAVE.

Note:

  • You can later access your saved filters by clicking Saved Filters and clicking a previously saved filter name.
  • You can delete a saved filter by clicking Saved Filters, highlighting one of the filters, and clicking the delete icon.
  • You can save up to 20 filters at one time.

Another option for saving filters: When you apply a filter on the alert center's listpage,a query parameter is added to the URL on your browser.You can save this URL and enterit in aseparate session to display your previously applied filters.

Start an investigation

If you're anEnterprise administrator, youcan start an investigation based on an alert. Click one of the magnifying glass icons on the far-right side of the Alert center page. Or, from the details page, click INVESTIGATE ALERT.You can then use the investigation tool to take action—for example, to wipe a device or suspend a user.For instructions, see Start an investigation from the alert center.

View alert details

To view more details about any alert, click any item on the page to open the alert-details page. For more information, see View alert details.

Providefeedback onalerts

Alerts are generated based on a machine-learning system so that billions of signals can be taken into consideration to discover threats. For thesealerts,you can tell us if this alert was correct or useful—whichimproves the accuracy of the alerts over time. This feedback is onlyused to improve signals for your domain, and is notshared outside of your organization.

Any administrator in your domain with full access to the alert center can provide feedback.

For more details, see Provide feedback on alerts.

View alert history

You can view an alert's history on theAlert details page by going to theAlert history section. This enables you toview changes administrators maketo an alert, capture otherhistorical details, and keep an audit history of alerts that have been resolved.

For example, if an administrator changes the alert status from Not started to Closed, or if there's a change to the alert assignee or the alert severity, the Alert historysection provides a record of that change, including the email address of the administrator, and the date and time the change was made.

Add comments to alerts

As an administrator, you can add comments to the Alert history section of theAlert details page.

Adding commentsenables you to keep a more detailed record—for audit/historical reasons—of any actions you take in relation to an alert. For example, you might want to typea reminder that you performed a password reset on a certain date and notified theuser.By adding a note to the comments section, you can more easily remember what happened at a later time.

Adding comments also enables you to share the history of an alert with colleagues, anddiscuss thenext steps. You canalso provide more details when you change an alert's status—for example, if you changeit from In progress to Closed.You can also add a comment when you're reassigning an alert, orto provide links to relatedresources.

From the Alert history section of the Alert details page, type your comment, and click SAVE. Your username is then displayed next to the comment, as well asthe date and time.If needed, you can later delete a commentthat you added to this page.

View related alerts

From the alert details page, you can view a list of related alerts. This list enables you to quickly scan for alerts that have similar details, such as the same user email address.

Similar to the main alert center page, you can use the list of related alerts to give alert quality feedback or start an investigation related to that alert. You can click any alert in the list to open the details page for that alert.

About the 'Last updated' column on the list page

The list page in the alert center includes a Last updated column, which provides the date and time that each alert was last updated.

An alert is considered updatedif new data from the alert’s source has been added. For example, aGmail alert involving 10 emails one day may involve 20 the next day, and such a change is considered an update on the list page. However, user-driven changes—such as edits to assignee,status,or severity—are not considered alert updates.

Admin privileges for rule-based alerts

Asa Google Workspace administrator, you can only view and manage rule-based alertsif you have admin privileges for those specific rules:

  • To view and managethe Data loss prevention (DLP) alert, you'll need theDLP > View DLP ruleprivilege, and theDLP > Manage DLP rule privilege.
  • To view and managethe Activity rule alert, you'll need theSecurity Center > Activity Rules > View privilege, and theSecurity Center > Activity Rules > Manage privilege.
  • To view and manage all other alert types,you'll need the Reportsprivilege.

For details, go toGrant access to the alert center andAbout administrator roles.

For details about rules, go toCreate and manage rules from the Rules page.

    Related articles

    • About the alert center
    • Use the alert center
    • View alert details
    • Start an investigation
    • Provide feedback on alerts
    Use the alert center - Google Workspace Admin Help (2024)
    Top Articles
    Latest Posts
    Recommended Articles
    Article information

    Author: Kieth Sipes

    Last Updated:

    Views: 5359

    Rating: 4.7 / 5 (67 voted)

    Reviews: 82% of readers found this page helpful

    Author information

    Name: Kieth Sipes

    Birthday: 2001-04-14

    Address: Suite 492 62479 Champlin Loop, South Catrice, MS 57271

    Phone: +9663362133320

    Job: District Sales Analyst

    Hobby: Digital arts, Dance, Ghost hunting, Worldbuilding, Kayaking, Table tennis, 3D printing

    Introduction: My name is Kieth Sipes, I am a zany, rich, courageous, powerful, faithful, jolly, excited person who loves writing and wants to share my knowledge and understanding with you.