Action

Enum representing different possible actions taken by the product that created the event. Google SecOps classifies: - ALLOW and ALLOW_WITH_MODIFICATION actions as "successful". - BLOCK, QUARANTINE, FAIL, and CHALLENGE actions as "failed". This includes all corresponding metrics (for example, AUTH_ATTEMPTS_FAIL, FILE_EXECUTIONS_FAIL, RESOURCE_READ_FAIL, and so on). - UNKNOWN_ACTION actions as neither "successful" nor "failed", because, for example, logs might not provide information whether a login event occurred but some kind of "unknown" error was issued nonetheless.

Enums
`UNKNOWN_ACTION`	The default action.
`ALLOW`	Allowed.
`BLOCK`	Blocked.
`ALLOW_WITH_MODIFICATION`	Strip, modify something (e.g. File or email was disinfected or rewritten and still forwarded).
`QUARANTINE`	Put somewhere for later analysis (does NOT imply block).
`FAIL`	Failed (e.g. the event was allowed but failed).
`CHALLENGE`	Challenged (e.g. the user was challenged by a Captcha, 2FA).

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-11-13 UTC.

Design a Mobile Site

View Site in Mobile | Classic

Share by:

Action Stay organized with collections Save and categorize content based on your preferences.

Action