The Audit Keywords Report is a Data Loss Prevention feature that displays files that contain keywords set by the admin in the Collavate Admin Console locate under the Reports menu. Preset keywords, regular expressions, and trigger actions can be set in the Drive Audit menu located within the Admin Console. Keywords set to be detected such as "social security number" or "credit card number" will display the number of files containing such information on the Audit Keywords Report menu.
Clicking on a REGEX: Detected expression will display the Audit Keyword Report Details. A list of files with the following detected keyword, or regular expression are displayed. Files are clickable and viewable depending on the sharing status of the file.
Setup Detection Formula
How to set up keywords or regular expressions followed by optional trigger actions:
① Locate the [Admin] tab to the left under the Reports tab.
② Click [Drive Audit]
③ Select [Create New Formula]
④ Enter in phrases and keywords to be detected within your domain’s Google Drive, or select predefined expressions.
*Note: Keywords can be entered on the line separated by commas, or pre-defined regular expressions can be clicked. Pre-defined expressions include: Social Security Numbers, Email Addresses, Phone Numbers, and Credit Card Numbers.
(Social Security Number Predefined Expression Selected in this example)
⑤ Click [Next]
⑥ Optional: Select trigger action(s) to take place once your keyword/regular expression is detected. Or choose “Skip, do not choose trigger action →”
⑦ Press [Done]
⑧ Detected files are found in [Reports] menu in Audit Keywords Report submenu
Depending on these settings and the formulas the Admin creates in the Drive Audit settings, the Audit Keywords Report will display keyword/regular expressions with detected information in the domain’s Google Drive files.
The system detects all domain users’ Google Drive files. This is an important feature for the Administrator to set up in the Admin > Drive Audit settings for this Data Loss Prevention feature to actively search file data in real-time.
The system can detect vulnerable information and activate trigger actions within 10 minutes* of the creation of vulnerable data anywhere in files of the domain’s Google Drive.