Scope of GWS Data Ingestion

Question

Hi,Thank you for all of your support - we have made lots of progress thanks to the community!Is there a method to limit the scope of the ingested GWS data? For example, if my workspace has a subdomain, is it possible to only ingest data from the subdomain? Also, as far as I know of (I may be wrong), Gmail data sent to SecOps contains the email content. If this is true, would there be a way to disable the collection of email content, for privacy reasons?TLDR: when connecting GWS to SecOps, can I pick and choose what users and data is sent, or is it a "either send all or don't" mechanism?Cheers!

mikemeeks · Accepted Answer

You're correct that, by default, Gmail data sent to SecOps includes email content. However, you can disable the collection of email content for privacy reasons.

Here's how:

During Setup: When initially configuring the GWS integration, there's an option to exclude Gmail content. Make sure this is selected if you want to prevent email body ingestion.
Post-Setup: If you've already set up the integration, you can modify the configuration to exclude Gmail content. You'll need to go into your GWS integration settings within SecOps and adjust the data collection scope.

wonjulee · Answer

@mikemeeks wrote:Post-Setup: If you've already set up the integration, you can modify the configuration to exclude Gmail content. You'll need to go into your GWS integration settings within SecOps and adjust the data collection scope. Hi,Thank you for your reply. We are currently sending GWS data to SecOps SIEM, but I am not sure where to find and modify the configuration for Gmail Content. Where in SecOps can I make ingested email data not contain the raw content?Thanks!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded