Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
5 Days |
Required Data |
|
Detection Modules |
Identity Threat Module |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A domain administrator authorized a third-party application to access the Google Workspace APIs. This allows the application to interact with the domain user's data within the authorized scope, as specified in the API call.
Attacker's Goals
Gain access to Google Workspace data and services. Collect confidential information from Google Workspace. Compromise user accounts and data.
Investigative actions
- Check which account was granted access to the Domain API.
- Identify the source IP address of the request.
- Verify the legitimacy of the request.