In your Google Admin console, you can use the audit and investigation tool to review user and administrator activity in your organization. You can use the information to track users and admins, and for security purposes.
For example, you can:
- Run searches with multiple filters
- Use AND/OR operators
- Download search results (maximum of 100,000 rows per download)
- Create reporting rules
You can access the audit and investigation tool from the left-navigation menu by clicking Reporting > Audit and investigation.
Premium features in the security investigation tool
Supported editions for this feature: Frontline Standard and Frontline Plus; Enterprise Standard and Enterprise Plus; Education Standard and Education Plus; Enterprise Essentials Plus; Cloud Identity Premium.
- Save, share, delete, and duplicate investigations
- Create nested queries
- Group results by attribute when customizing a search
- Create activity rules. Selected Google Workspace editions support up to 100 activity rules. For more information, see Create and manage activity rules.
- Create a custom chart related to your investigation that's displayed on the security dashboard
- Pivot to other attributes from the search results
- Take action on search results
From the left-navigation menu, click Security > Security center > Investigation tool. For more details, go to About the security investigation tool.