Google Drive Streaming Configuration

This guide provides steps on how to enable real-time data streaming for a Google drive connection and monitor streaming events within the Forcepoint DSPM platform.

Steps to Enable Data Streaming for Google drive

  1. From the Data Sources page, select Google drive from the list of available data sources. In the Scan Configurations list, create a New Configuration.

  2. Make sure the connection has a Name and Credentials set then click on Data streaming toggle and click Save & Close to finalize the changes.

  3. Clock icon: When data streaming is being activated, the Requested status will appear, indicating that the subscription is being processed. Once the subscription is activated, this status will change to a On.
  4. After enabling Data Streaming, the system will automatically handle the subscription to Google driveʼs real-time events. There is no need to manually configure Webhooks.

Monitoring Real-Time Events

After the subscription is activated, real-time events will start flowing into the platform, and you will be able to monitor them from various sections of Forcepoint DSPM.

Viewing Events in the Live Events Section

  1. Navigate to the Live Events section under Administration to view a detailed audit log of all streaming events.

  2. Filter by source to get only Google drive events.

Viewing Extended Streaming Events in the Live Events Section

Overview

Extended streaming events provide deeper insights into file activities within Google Drive by leveraging the admin.reports.audit.readonly permission. This allows the system to capture additional event types beyond standard data streaming, such as file permission changes. These events are crucial for comprehensive monitoring, alerting, and data lineage tracking within the platform.

Prerequisites

Before enabling extended streaming events, ensure that:

  • The required permission https://www.googleapis.com/auth/admin.reports.audit.readonly is granted to your Google Drive connection.

  • You have followed the delegation process as outlined in the Delegate Domain-Wide Authority to Your Service Account section, under Google Drive page.

Enabling Extended Streaming Events

If the necessary permission was not granted at the time of the initial streaming subscription, click on unsubscribe and then re-subscribe to streaming events from the Data Sources view.

Steps:

  1. Go to the Data Sources section under Administration.
  2. Locate the Google Drive connection.
  3. If extended streaming is not enabled, uncheck Data streaming box from streaming events.
  4. Ensure that the admin.reports.audit.readonly permission is granted as per the prerequisites.
  5. Click check Data streaming box from streaming events again to re-enable streaming with extended event tracking.
  6. Verify the status of the subscription to ensure it is active.

Monitoring Extended Streaming Events

Once extended streaming is enabled, events will be available for monitoring in multiple sections of the platform:

Live Events Section

  • Go to Live Events under Administration to view real-time extended events.

  • Use the filter options to narrow down events to only Google Drive activities.

  • Extended events such as permission changes, sharing modifications, and file deletions will be listed.

Data Lineage Tracking

  • Extended events are integrated into Data Lineage, providing a clear visualization of file activity over time.

  • Users can track who performed actions on a file and when, enabling forensic investigation and compliance tracking.

Alerting and Monitoring

  • Alerts can be configured for specific event types such as sensitive file shared externally, file permissions changed, or file deletion.

  • These alerts help organizations proactively detect potential security risks or data leaks.