Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Misleading Detection Rule Name #4454

Open
monkeyonbranch opened this issue Feb 10, 2025 · 1 comment
Open

Misleading Detection Rule Name #4454

monkeyonbranch opened this issue Feb 10, 2025 · 1 comment
Assignees
@terrancedejesus
Labels
community

Comments

@monkeyonbranch
Copy link

The detection rule name for Google Workspace Object Copied To External Drive... is misleading. It makes it sound as if someone is copying something to an external drive, i.e., exfiltrating data.

The detection logic only looks for events when someone is copying something FROM an external drive TO a internal (from Organization's perspective) drive.

Please update the rule name to make this more clear. I suggest External Object Copied to Google Workspace and Permissions Granted.
I feel this name reflects the detection logic much better than the current name. It gives a very summarized and truthful description of what event has occured.
@w0rk3r
Copy link
Contributor

w0rk3r commented Feb 13, 2025

@terrancedejesus

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@terrancedejesus terrancedejesus

Labels
community
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@w0rk3r @terrancedejesus @monkeyonbranch