Console

Google Workspace threat findings

Security Command Center analyzes various logs for potential threats that affect Google Workspace resources. For recommended responses to these threats, see Respond to Google Workspace threat findings.

The following log-based detections are available with Event Threat Detection:

Persistence: Strong Authentication Disabled

Initial Access: Account Disabled Hijacked

Initial Access: Disabled Password Leak

Initial Access: Government Based Attack

Initial Access: Suspicious Login Blocked

Persistence: SSO Enablement Toggle

Persistence: SSO Settings Changed

Persistence: Two Step Verification Disabled

What's next

Learn about Event Threat Detection.
Learn how to respond to Google Workspace threat findings.
Refer to the Threat findings index.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-09-17 UTC.

Google Workspace threat findings Stay organized with collections Save and categorize content based on your preferences.

What's next

Google Workspace threat findings