Chrome Audit Activity Events

This document lists the events and parameters for various types of Chrome Audit activity events. You can retrieve these events by calling Activities.list() with applicationName=chrome .

Add or remove user

A type for ChromeOS add or remove user events. Events of this type are returned with type=CHROME_OS_ADD_REMOVE_USER_TYPE .

ChromeOS user added

User added from ChromeOS.

Event details

Event name

CHROME_OS_ADD_USER

Parameters

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= CHROME_OS_ADD_USER 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

 {DEVICE_USER} 
has been added to ChromeOS device {DEVICE_NAME}

ChromeOS user removed

User removed from ChromeOS.

Event details

Event name

CHROME_OS_REMOVE_USER

Parameters

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

REMOVE_  
USER_  
REASON

string

Parameter explaining why a user was removed from a device. Possible values:

DEVICE_EPHEMERAL_USERS_ENABLED
Reason why a user was removed from a device.
LOCAL_USER_INITIATED
Reason why a user was removed from a device.
LOCAL_USER_INITIATED_ON_REQUIRED_UPDATE
Reason why a user was removed from a device.
REMOTE_ADMIN_INITIATED
Reason why a user was removed from a device.
USER_REMOVED_UNKNOWN_REASON
Reason why a user was removed from a device.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= CHROME_OS_REMOVE_USER 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

 {DEVICE_USER} 
has been removed from ChromeOS device {DEVICE_NAME} 
due to {REMOVE_USER_REASON}

Change device boot mode

A type for device boot mode change events. Events of this type are returned with type=DEVICE_BOOT_STATE_CHANGE_TYPE .

Device boot state change

ChromeOS device boot mode changed.

Event details

Event name

DEVICE_BOOT_STATE_CHANGE

Parameters

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

NEW_  
BOOT_  
MODE

string

New device boot mode. Possible values:

DEVELOPER
Device boot mode state.
UNKNOWN
Device boot mode state.
VERIFIED
Device boot mode state.

PREVIOUS_  
BOOT_  
MODE

string

Previous device boot mode. Possible values:

DEVELOPER
Device boot mode state.
UNKNOWN
Device boot mode state.
VERIFIED
Device boot mode state.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= DEVICE_BOOT_STATE_CHANGE 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

Device boot mode has changed from {PREVIOUS_BOOT_MODE} 
to {NEW_BOOT_MODE} 
mode for ChromeOS device {DEVICE_NAME}

ChromeOS login or logout event type

A type for chromeos login events. Events of this type are returned with type=CHROME_OS_LOGIN_LOGOUT_TYPE .

ChromeOS login failure

ChromeOS Login Failure Event name.

Event details

Event name

CHROME_OS_LOGIN_FAILURE_EVENT

Parameters

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

LOGIN_  
FAILURE_  
REASON

string

AUTHENTICATION_ERROR
Reason why a login failure occurred.
COULD_NOT_MOUNT_TMPFS
Reason why a login failure occurred.
MISSING_CRYPTOHOME
Reason why a login failure occurred.
OWNER_REQUIRED
Reason why a login failure occurred.
TPM_ERROR
Reason why a login failure occurred.
TPM_UPDATE_REQUIRED
Reason why a login failure occurred.
UNKNOWN_FAILURE
Reason why a login failure occurred.
UNRECOVERABLE_CRYPTOHOME
Reason why a login failure occurred.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= CHROME_OS_LOGIN_FAILURE_EVENT 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

 {DEVICE_USER} 
has attempted and failed to log into ChromeOS device {DEVICE_NAME} 
due to {LOGIN_FAILURE_REASON}

ChromeOS login or logout

ChromeOS Login Logout Event name.

Event details

Event name

CHROME_OS_LOGIN_LOGOUT_EVENT

Parameters

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= CHROME_OS_LOGIN_LOGOUT_EVENT 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

 {DEVICE_USER} 
successfully logged in or out of device {DEVICE_NAME}

ChromeOS login success

ChromeOS Login Event name.

Event details

Event name

CHROME_OS_LOGIN_EVENT

Parameters

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= CHROME_OS_LOGIN_EVENT 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

 {DEVICE_USER} 
has successfully logged into ChromeOS device {DEVICE_NAME}

ChromeOS logout

ChromeOS Logout Event name.

Event details

Event name

CHROME_OS_LOGOUT_EVENT

Parameters

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= CHROME_OS_LOGOUT_EVENT 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

 {DEVICE_USER} 
has successfully logged out from ChromeOS device {DEVICE_NAME}

ChromeOS reporting data error type

A type for ChromeOS reporting data error events. Events of this type are returned with type=CHROME_OS_REPORTING_DATA_LOST_TYPE .

ChromeOS reporting data error

ChromeOS reporting data error event name.

Event details

Event name

CHROME_OS_REPORTING_DATA_LOST

Parameters

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= CHROME_OS_REPORTING_DATA_LOST 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

An event was expected to be reported but failed to complete for device {DEVICE_NAME}

Chrome Safe Browsing password event type

A type for any Chrome Safe Browsing password events. Events of this type are returned with type=SAFE_BROWSING_PASSWORD_ALERT .

Password changed

Chrome Safe Browsing password changed event name.

Event details

Event name

PASSWORD_CHANGED

Parameters

BROWSER_  
VERSION

string

Browser version event parameter.

CLIENT_  
TYPE

string

Event client type parameter. Possible values:

CHROME_BROWSER
The client is a Chrome browser.
CHROME_OS_DEVICE
The client is a ChromeOS device.
CHROME_PROFILE
The client is a Chrome profile.
CLIENT_TYPE_UNSPECIFIED
The client type is unknown.

DEVICE_  
ID

string

Device id event name.

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

PROFILE_  
USER_  
NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_  
USER

string

Trigger user event parameter.

USER_  
AGENT

string

User agent event parameter.

VIRTUAL_  
DEVICE_  
ID

string

Virtual device ID of the browser on which the event happened.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= PASSWORD_CHANGED 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

Password changed for {TRIGGER_USER}

Password reuse

Chrome Safe Browsing password reuse event name.

Event details

Event name

PASSWORD_REUSE

Parameters

BROWSER_  
VERSION

string

Browser version event parameter.

CLIENT_  
TYPE

string

Event client type parameter. Possible values:

CHROME_BROWSER
The client is a Chrome browser.
CHROME_OS_DEVICE
The client is a ChromeOS device.
CHROME_PROFILE
The client is a Chrome profile.
CLIENT_TYPE_UNSPECIFIED
The client type is unknown.

DEVICE_  
ID

string

Device id event name.

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

EVENT_  
RESULT

string

Event result event parameter. Possible values:

ALLOWED
The user was allowed to continue after the event.
BLOCKED
The user was blocked from continuing after the event.
BLOCKED
A scan resulted in a blocking of a potential data leakage.
BYPASSED
The user bypassed the event.
DETECTED
A scan resulted in a detection of a potential security threat.
REPORTED
A scan resulted in a reporting of a potential data leakage.
WARNED
The user was warned about the event.

PROFILE_  
USER_  
NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_  
USER

string

Trigger user event parameter.

URL

string

The URL that event happened on.

USER_  
AGENT

string

User agent event parameter.

VIRTUAL_  
DEVICE_  
ID

string

Virtual device ID of the browser on which the event happened.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= PASSWORD_REUSE 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

Password reuse for {TRIGGER_USER}

ChromeOS Dlp Event

A type for ChromeOS DlpEvent events, indicating that one defined DLP rule has been hit. Events of this type are returned with type=DLP_EVENTS_TYPE .

Data access control

ChromeOS Dlp Event name.

Event details

Event name

DLP_EVENT

Parameters

BROWSER_  
VERSION

string

Browser version event parameter.

CLIENT_  
TYPE

string

Event client type parameter. Possible values:

CHROME_BROWSER
The client is a Chrome browser.
CHROME_OS_DEVICE
The client is a ChromeOS device.
CHROME_PROFILE
The client is a Chrome profile.
CLIENT_TYPE_UNSPECIFIED
The client type is unknown.

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

EVENT_  
RESULT

string

Event result event parameter. Possible values:

ALLOWED
The user was allowed to continue after the event.
BLOCKED
The user was blocked from continuing after the event.
BLOCKED
A scan resulted in a blocking of a potential data leakage.
BYPASSED
The user bypassed the event.
DETECTED
A scan resulted in a detection of a potential security threat.
REPORTED
A scan resulted in a reporting of a potential data leakage.
WARNED
The user was warned about the event.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_  
DESTINATION

string

A parameter that contains the destination of the rule which triggered the event.

TRIGGER_  
SOURCE

string

A parameter that contains the source of the rule which triggered the event.

TRIGGER_  
TYPE

string

Event trigger type parameter. Possible values:

CLIPBOARD
ChromeOS Dlp Chlipboard rule triggered description.
DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
The data transfer trigger is unknown.
EPRIVACY
ChromeOS Dlp Eprivacy Screen rule triggered description.
FILE_DOWNLOAD
The data transfer trigger is a file download.
FILE_UPLOAD
The data transfer trigger is a file upload.
PASSWORD_ENTRY
The password breach trigger is a password entry by a user on a website.
PASSWORD_SAFETY_CHECK
The password breach trigger is a safety check initiated by the user in settings.
PRINTING
ChromeOS Dlp Printing rule triggered description.
SCREENCAST
ChromeOS Dlp Screencast rule triggered description.
SCREENSHOT
ChromeOS Dlp Screenshot rule triggered description.
UNDEFINED
ChromeOS Dlp Undefined rule triggered description.
WEB_CONTENT_UPLOAD
The data transfer trigger is a web content upload.

TRIGGERED_  
RULES_  
REASON

string

Triggered rules reason event parameter.

URL

string

The URL that event happened on.

USER_  
AGENT

string

User agent event parameter.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= DLP_EVENT 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

Data access control rule triggered by ChromeOS

Content transfer event type

A type for content transfer events. Events of this type are returned with type=CONTENT_TRANSFER_TYPE .

Content transfer

Content transfer event name.

Event details

Event name

CONTENT_TRANSFER

Parameters

BROWSER_  
VERSION

string

Browser version event parameter.

CLIENT_  
TYPE

string

Event client type parameter. Possible values:

CHROME_BROWSER
The client is a Chrome browser.
CHROME_OS_DEVICE
The client is a ChromeOS device.
CHROME_PROFILE
The client is a Chrome profile.
CLIENT_TYPE_UNSPECIFIED
The client type is unknown.

CONTENT_  
HASH

string

Content hash event parameter.

CONTENT_  
NAME

string

Content name event parameter.

CONTENT_  
SIZE

integer

Content size event parameter.

CONTENT_  
TYPE

string

Content type event parameter.

CONTENT_  
TRANSFER_  
METHOD

string

The method for content transferring. Possible values:

FILE_PICKER
The content is transferred using file picker.
DRAG_AND_DROP
The content is transferred using drag and drop.
FILE_PASTE
The content is transferred using file paste.
UNKNOWN
The transfer method is unknown.

DEVICE_  
ID

string

Device id event name.

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
RESULT

string

Event result event parameter. Possible values:

ALLOWED
The user was allowed to continue after the event.
BLOCKED
The user was blocked from continuing after the event.
BLOCKED
A scan resulted in a blocking of a potential data leakage.
BYPASSED
The user bypassed the event.
DETECTED
A scan resulted in a detection of a potential security threat.
REPORTED
A scan resulted in a reporting of a potential data leakage.
WARNED
The user was warned about the event.

PROFILE_  
USER_  
NAME

string

GSuite user name of the profile.

SCAN_  
ID

string

A parameter that contains the scan id of the content analysis scan which triggered the event.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_  
TYPE

string

Event trigger type parameter. Possible values:

CLIPBOARD
ChromeOS Dlp Chlipboard rule triggered description.
DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
The data transfer trigger is unknown.
EPRIVACY
ChromeOS Dlp Eprivacy Screen rule triggered description.
FILE_DOWNLOAD
The data transfer trigger is a file download.
FILE_UPLOAD
The data transfer trigger is a file upload.
PASSWORD_ENTRY
The password breach trigger is a password entry by a user on a website.
PASSWORD_SAFETY_CHECK
The password breach trigger is a safety check initiated by the user in settings.
PRINTING
ChromeOS Dlp Printing rule triggered description.
SCREENCAST
ChromeOS Dlp Screencast rule triggered description.
SCREENSHOT
ChromeOS Dlp Screenshot rule triggered description.
UNDEFINED
ChromeOS Dlp Undefined rule triggered description.
WEB_CONTENT_UPLOAD
The data transfer trigger is a web content upload.

URL

string

The URL that event happened on.

USER_  
AGENT

string

User agent event parameter.

VIRTUAL_  
DEVICE_  
ID

string

Virtual device ID of the browser on which the event happened.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= CONTENT_TRANSFER 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

Content was transfered

Content unscanned event type

A type for conent unscanned events. Events of this type are returned with type=CONTENT_UNSCANNED_TYPE .

Content unscanned

Unscanned content event name.

Event details

Event name

CONTENT_UNSCANNED

Parameters

BROWSER_  
VERSION

string

Browser version event parameter.

CLIENT_  
TYPE

string

Event client type parameter. Possible values:

CHROME_BROWSER
The client is a Chrome browser.
CHROME_OS_DEVICE
The client is a ChromeOS device.
CHROME_PROFILE
The client is a Chrome profile.
CLIENT_TYPE_UNSPECIFIED
The client type is unknown.

CONTENT_  
HASH

string

Content hash event parameter.

CONTENT_  
NAME

string

Content name event parameter.

CONTENT_  
SIZE

integer

Content size event parameter.

CONTENT_  
TYPE

string

Content type event parameter.

CONTENT_  
TRANSFER_  
METHOD

string

The method for content transferring. Possible values:

FILE_PICKER
The content is transferred using file picker.
DRAG_AND_DROP
The content is transferred using drag and drop.
FILE_PASTE
The content is transferred using file paste.
UNKNOWN
The transfer method is unknown.

DEVICE_  
ID

string

Device id event name.

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

EVENT_  
RESULT

string

Event result event parameter. Possible values:

ALLOWED
The user was allowed to continue after the event.
BLOCKED
The user was blocked from continuing after the event.
BLOCKED
A scan resulted in a blocking of a potential data leakage.
BYPASSED
The user bypassed the event.
DETECTED
A scan resulted in a detection of a potential security threat.
REPORTED
A scan resulted in a reporting of a potential data leakage.
WARNED
The user was warned about the event.

PROFILE_  
USER_  
NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_  
TYPE

string

Event trigger type parameter. Possible values:

CLIPBOARD
ChromeOS Dlp Chlipboard rule triggered description.
DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
The data transfer trigger is unknown.
EPRIVACY
ChromeOS Dlp Eprivacy Screen rule triggered description.
FILE_DOWNLOAD
The data transfer trigger is a file download.
FILE_UPLOAD
The data transfer trigger is a file upload.
PASSWORD_ENTRY
The password breach trigger is a password entry by a user on a website.
PASSWORD_SAFETY_CHECK
The password breach trigger is a safety check initiated by the user in settings.
PRINTING
ChromeOS Dlp Printing rule triggered description.
SCREENCAST
ChromeOS Dlp Screencast rule triggered description.
SCREENSHOT
ChromeOS Dlp Screenshot rule triggered description.
UNDEFINED
ChromeOS Dlp Undefined rule triggered description.
WEB_CONTENT_UPLOAD
The data transfer trigger is a web content upload.

URL

string

The URL that event happened on.

USER_  
AGENT

string

User agent event parameter.

VIRTUAL_  
DEVICE_  
ID

string

Virtual device ID of the browser on which the event happened.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= CONTENT_UNSCANNED 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

The transfered content was not scanned because of {EVENT_REASON_ENUM_TYPE}

Extension request event type

A type for extension request events. Events of this type are returned with type=EXTENSION_REQUEST_TYPE .

Extension request

Extension request event name.

Event details

Event name

EXTENSION_REQUEST

Parameters

APP_  
NAME

string

App name.

CLIENT_  
TYPE

string

Event client type parameter. Possible values:

CHROME_BROWSER
The client is a Chrome browser.
CHROME_OS_DEVICE
The client is a ChromeOS device.
CHROME_PROFILE
The client is a Chrome profile.
CLIENT_TYPE_UNSPECIFIED
The client type is unknown.

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

ORG_  
UNIT_  
NAME

string

Org unit name.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

USER_  
JUSTIFICATION

string

A parameter that contains a justification message provided by users.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= EXTENSION_REQUEST 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

Request for extension {APP_NAME} 
was received

Login event type

A type for login events. Events of this type are returned with type=LOGIN_EVENT_TYPE .

Login

Event details

Event name

LOGIN_EVENT

Parameters

BROWSER_  
VERSION

string

Browser version event parameter.

CLIENT_  
TYPE

string

Event client type parameter. Possible values:

CHROME_BROWSER
The client is a Chrome browser.
CHROME_OS_DEVICE
The client is a ChromeOS device.
CHROME_PROFILE
The client is a Chrome profile.
CLIENT_TYPE_UNSPECIFIED
The client type is unknown.

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

FEDERATED_  
ORIGIN

string

A parameter that contains the domain of the federated 3rd party provding the login flow.

IS_  
FEDERATED

boolean

A parameter that contains whether the login is through a federated 3rd party.

LOGIN_  
USER_  
NAME

string

A Parameter that contains the username used by the user when performing the login that triggered the login event report.

PROFILE_  
USER_  
NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

URL

string

The URL that event happened on.

USER_  
AGENT

string

User agent event parameter.

VIRTUAL_  
DEVICE_  
ID

string

Virtual device ID of the browser on which the event happened.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= LOGIN_EVENT 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

A login was performed

Malware transfer event type

A type for malware transfer events. Events of this type are returned with type=MALWARE_TRANSFER_TYPE .

Malware transfer

Malware data transfer event name.

Event details

Event name

MALWARE_TRANSFER

Parameters

BROWSER_  
VERSION

string

Browser version event parameter.

CLIENT_  
TYPE

string

Event client type parameter. Possible values:

CHROME_BROWSER
The client is a Chrome browser.
CHROME_OS_DEVICE
The client is a ChromeOS device.
CHROME_PROFILE
The client is a Chrome profile.
CLIENT_TYPE_UNSPECIFIED
The client type is unknown.

CONTENT_  
HASH

string

Content hash event parameter.

CONTENT_  
NAME

string

Content name event parameter.

CONTENT_  
SIZE

integer

Content size event parameter.

CONTENT_  
TYPE

string

Content type event parameter.

CONTENT_  
TRANSFER_  
METHOD

string

The method for content transferring. Possible values:

FILE_PICKER
The content is transferred using file picker.
DRAG_AND_DROP
The content is transferred using drag and drop.
FILE_PASTE
The content is transferred using file paste.
UNKNOWN
The transfer method is unknown.

DEVICE_  
ID

string

Device id event name.

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

EVENT_  
RESULT

string

Event result event parameter. Possible values:

ALLOWED
The user was allowed to continue after the event.
BLOCKED
The user was blocked from continuing after the event.
BLOCKED
A scan resulted in a blocking of a potential data leakage.
BYPASSED
The user bypassed the event.
DETECTED
A scan resulted in a detection of a potential security threat.
REPORTED
A scan resulted in a reporting of a potential data leakage.
WARNED
The user was warned about the event.

EVIDENCE_  
LOCKER_  
FILEPATH

string

A parameter that contains the filepath of the evidence locker.

PROFILE_  
USER_  
NAME

string

GSuite user name of the profile.

SCAN_  
ID

string

A parameter that contains the scan id of the content analysis scan which triggered the event.

SERVER_  
SCAN_  
STATUS

string

Status indicates the outcome of the event's server scan, which could be complete, require a manual audit due to configuration settings, or require a manual audit because the scan took too long. Possible values:

COMPLETED
The scan was completed.
AUDIT_DUE_TO_CONFIG
The scan was in audit mode due to the configuration.
AUDIT_DUE_TO_DEADLINE_EXCEEDED
The scan exceeded the configured deadline and so was running in audit mode afterward.
UNKNOWN
The scan status is unknown.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_  
TYPE

string

Event trigger type parameter. Possible values:

CLIPBOARD
ChromeOS Dlp Chlipboard rule triggered description.
DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
The data transfer trigger is unknown.
EPRIVACY
ChromeOS Dlp Eprivacy Screen rule triggered description.
FILE_DOWNLOAD
The data transfer trigger is a file download.
FILE_UPLOAD
The data transfer trigger is a file upload.
PASSWORD_ENTRY
The password breach trigger is a password entry by a user on a website.
PASSWORD_SAFETY_CHECK
The password breach trigger is a safety check initiated by the user in settings.
PRINTING
ChromeOS Dlp Printing rule triggered description.
SCREENCAST
ChromeOS Dlp Screencast rule triggered description.
SCREENSHOT
ChromeOS Dlp Screenshot rule triggered description.
UNDEFINED
ChromeOS Dlp Undefined rule triggered description.
WEB_CONTENT_UPLOAD
The data transfer trigger is a web content upload.

URL

string

The URL that event happened on.

USER_  
AGENT

string

User agent event parameter.

USER_  
JUSTIFICATION

string

A parameter that contains a justification message provided by users.

VIRTUAL_  
DEVICE_  
ID

string

Virtual device ID of the browser on which the event happened.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= MALWARE_TRANSFER 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

Malware was detected in the transferred content for {TRIGGER_USER}

Password breach event type

A type for password breach events, indicating that one of the user's password was identified as being leaked. Events of this type are returned with type=PASSWORD_BREACH_TYPE .

Password breach

Password breach event name.

Event details

Event name

PASSWORD_BREACH

Parameters

BROWSER_  
VERSION

string

Browser version event parameter.

CLIENT_  
TYPE

string

Event client type parameter. Possible values:

CHROME_BROWSER
The client is a Chrome browser.
CHROME_OS_DEVICE
The client is a ChromeOS device.
CHROME_PROFILE
The client is a Chrome profile.
CLIENT_TYPE_UNSPECIFIED
The client type is unknown.

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

EVENT_  
RESULT

string

Event result event parameter. Possible values:

ALLOWED
The user was allowed to continue after the event.
BLOCKED
The user was blocked from continuing after the event.
BLOCKED
A scan resulted in a blocking of a potential data leakage.
BYPASSED
The user bypassed the event.
DETECTED
A scan resulted in a detection of a potential security threat.
REPORTED
A scan resulted in a reporting of a potential data leakage.
WARNED
The user was warned about the event.

PROFILE_  
USER_  
NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_  
TYPE

string

Event trigger type parameter. Possible values:

CLIPBOARD
ChromeOS Dlp Chlipboard rule triggered description.
DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
The data transfer trigger is unknown.
EPRIVACY
ChromeOS Dlp Eprivacy Screen rule triggered description.
FILE_DOWNLOAD
The data transfer trigger is a file download.
FILE_UPLOAD
The data transfer trigger is a file upload.
PASSWORD_ENTRY
The password breach trigger is a password entry by a user on a website.
PASSWORD_SAFETY_CHECK
The password breach trigger is a safety check initiated by the user in settings.
PRINTING
ChromeOS Dlp Printing rule triggered description.
SCREENCAST
ChromeOS Dlp Screencast rule triggered description.
SCREENSHOT
ChromeOS Dlp Screenshot rule triggered description.
UNDEFINED
ChromeOS Dlp Undefined rule triggered description.
WEB_CONTENT_UPLOAD
The data transfer trigger is a web content upload.

TRIGGER_  
USER

string

Trigger user event parameter.

URL

string

The URL that event happened on.

USER_  
AGENT

string

User agent event parameter.

VIRTUAL_  
DEVICE_  
ID

string

Virtual device ID of the browser on which the event happened.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= PASSWORD_BREACH 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

A user's password was breached

Sensitive data transfer event type

A type for senstive data transfer events. Events of this type are returned with type=SENSITIVE_DATA_TRANSFER_TYPE .

Sensitive data transfer

Sensitive data transfer event name.

Event details

Event name

SENSITIVE_DATA_TRANSFER

Parameters

BROWSER_  
VERSION

string

Browser version event parameter.

CLIENT_  
TYPE

string

Event client type parameter. Possible values:

CHROME_BROWSER
The client is a Chrome browser.
CHROME_OS_DEVICE
The client is a ChromeOS device.
CHROME_PROFILE
The client is a Chrome profile.
CLIENT_TYPE_UNSPECIFIED
The client type is unknown.

CONTENT_  
HASH

string

Content hash event parameter.

CONTENT_  
NAME

string

Content name event parameter.

CONTENT_  
SIZE

integer

Content size event parameter.

CONTENT_  
TYPE

string

Content type event parameter.

CONTENT_  
TRANSFER_  
METHOD

string

The method for content transferring. Possible values:

FILE_PICKER
The content is transferred using file picker.
DRAG_AND_DROP
The content is transferred using drag and drop.
FILE_PASTE
The content is transferred using file paste.
UNKNOWN
The transfer method is unknown.

DEVICE_  
ID

string

Device id event name.

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
RESULT

string

Event result event parameter. Possible values:

ALLOWED
The user was allowed to continue after the event.
BLOCKED
The user was blocked from continuing after the event.
BLOCKED
A scan resulted in a blocking of a potential data leakage.
BYPASSED
The user bypassed the event.
DETECTED
A scan resulted in a detection of a potential security threat.
REPORTED
A scan resulted in a reporting of a potential data leakage.
WARNED
The user was warned about the event.

EVIDENCE_  
LOCKER_  
FILEPATH

string

A parameter that contains the filepath of the evidence locker.

PROFILE_  
USER_  
NAME

string

GSuite user name of the profile.

SCAN_  
ID

string

A parameter that contains the scan id of the content analysis scan which triggered the event.

SERVER_  
SCAN_  
STATUS

string

COMPLETED
The scan was completed.
AUDIT_DUE_TO_CONFIG
The scan was in audit mode due to the configuration.
AUDIT_DUE_TO_DEADLINE_EXCEEDED
The scan exceeded the configured deadline and so was running in audit mode afterward.
UNKNOWN
The scan status is unknown.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

TRIGGER_  
TYPE

string

Event trigger type parameter. Possible values:

CLIPBOARD
ChromeOS Dlp Chlipboard rule triggered description.
DATA_TRANSFER_EVENT_TRIGGER_TYPE_UNSPECIFIED
The data transfer trigger is unknown.
EPRIVACY
ChromeOS Dlp Eprivacy Screen rule triggered description.
FILE_DOWNLOAD
The data transfer trigger is a file download.
FILE_UPLOAD
The data transfer trigger is a file upload.
PASSWORD_ENTRY
The password breach trigger is a password entry by a user on a website.
PASSWORD_SAFETY_CHECK
The password breach trigger is a safety check initiated by the user in settings.
PRINTING
ChromeOS Dlp Printing rule triggered description.
SCREENCAST
ChromeOS Dlp Screencast rule triggered description.
SCREENSHOT
ChromeOS Dlp Screenshot rule triggered description.
UNDEFINED
ChromeOS Dlp Undefined rule triggered description.
WEB_CONTENT_UPLOAD
The data transfer trigger is a web content upload.

TRIGGERED_  
RULES_  
REASON

string

Triggered rules reason event parameter.

URL

string

The URL that event happened on.

USER_  
AGENT

string

User agent event parameter.

USER_  
JUSTIFICATION

string

A parameter that contains a justification message provided by users.

VIRTUAL_  
DEVICE_  
ID

string

Virtual device ID of the browser on which the event happened.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= SENSITIVE_DATA_TRANSFER 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

Sensitive data was detected in the transferred content for {TRIGGER_USER}

Unsafe site visit event type

A type for unsafe site visit events. Events of this type are returned with type=UNSAFE_SITE_VISIT_TYPE .

Unsafe site visit

Unsafe site visit event name.

Event details

Event name

UNSAFE_SITE_VISIT

Parameters

BROWSER_  
VERSION

string

Browser version event parameter.

CLIENT_  
TYPE

string

Event client type parameter. Possible values:

CHROME_BROWSER
The client is a Chrome browser.
CHROME_OS_DEVICE
The client is a ChromeOS device.
CHROME_PROFILE
The client is a Chrome profile.
CLIENT_TYPE_UNSPECIFIED
The client type is unknown.

DEVICE_  
ID

string

Device id event name.

DEVICE_  
NAME

string

Device name event parameter.

DEVICE_  
PLATFORM

string

Device platform event parameter.

DEVICE_  
USER

string

Device user name event parameter.

DIRECTORY_  
DEVICE_  
ID

string

Directory API device ID of the device or browser on which the event happened.

EVENT_  
REASON

string

Event reason event parameter. Possible values:

CHROME_OS_DATA_LOST_DETECTED
ChromeOS reporting data error detected.
CHROME_OS_DEV_MODE
Reason for switching from verified to developer mode events.
CHROME_OS_VERIFIED_MODE
Reason for switching from developer to verified mode events.
CHROMEOS_AFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_AFFILIATED_USER_ADDED
An affiliated user was added to ChromeOS.
CHROMEOS_AFFILIATED_USER_REMOVED
An affiliated user was removed from ChromeOS.
CHROMEOS_GUEST_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_GUEST_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_LOGIN_LOGOUT_UNKNOWN
Reason a Login/Logout event was recorded.
CHROMEOS_UNAFFILIATED_LOGIN
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_LOGOUT
Reason a Login/Logout Event was recorded.
CHROMEOS_UNAFFILIATED_USER_ADDED
An unaffiliated user was added to ChromeOS.
CHROMEOS_UNAFFILIATED_USER_REMOVED
An unaffiliated user was removed from ChromeOS.
CONTENT_UNSCANNED_DLP_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for DLP.
CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED
The reason for the unscanned content event is a password protected file.
CONTENT_UNSCANNED_FILE_TOO_LARGE
The reason for the unscanned content event is a file too large.
CONTENT_UNSCANNED_MALWARE_SCAN_FAILED
The reason for the unscanned content event is a failure to scan for malware.
CONTENT_UNSCANNED_MALWARE_SCAN_UNSUPPORTED_FILE_TYPE
The reason for the unscanned content event is a file of an unsupported type for malware scan.
CONTENT_UNSCANNED_SERVICE_UNAVAILABLE
The reason for the unscanned content event is a service unavailable.
CONTENT_UNSCANNED_TIMEOUT
The reason for the unscanned content event that the request timed out.
CONTENT_UNSCANNED_TOO_MANY_REQUESTS
The reason for the unscanned content event is that too many requests were sent.
EVENT_REASON_DLP_EVENT
ChromeOS Dlp Event is the reason for the event.
EVENT_REASON_UNSPECIFIED
The reason for the event was not specified.
MALWARE_TRANSFER_DANGEROUS
The reason for the malware transfer event is a dangerous file.
MALWARE_TRANSFER_DANGEROUS_FILE_TYPE
The reason for the malware transfer event is a dangerous file type.
MALWARE_TRANSFER_DANGEROUS_HOST
The reason for the malware transfer event is a dangerous host.
MALWARE_TRANSFER_DANGEROUS_URL
The reason for the malware transfer event is a dangerous URL.
MALWARE_TRANSFER_UNCOMMON
The reason for the malware transfer event is an uncommon transfer.
MALWARE_TRANSFER_UNKNOWN
The reason for the malware transfer event is unknown.
MALWARE_TRANSFER_UNWANTED_SOFTWARE
The reason for the malware transfer event is an unwanted software file.
PASSWORD_REUSED_PHISHING_URL
The password reuse event happened on a phishing URL.
PASSWORD_REUSED_UNAUTHORIZED_SITE
The password reuse event happened on an unauthorized site.
UNSAFE_SITE_VISIT_MALWARE
The reason for the unsafe site visit event is malware.
UNSAFE_SITE_VISIT_SOCIAL_ENGINEERING
The reason for the unsafe site visit event is social engineering.
UNSAFE_SITE_VISIT_SSL_ERROR
The reason for the unsafe site visit event is an SSL error.
UNSAFE_SITE_VISIT_UNWANTED_SOFTWARE
The reason for the unsafe site visit event is unwanted software.

EVENT_  
RESULT

string

Event result event parameter. Possible values:

ALLOWED
The user was allowed to continue after the event.
BLOCKED
The user was blocked from continuing after the event.
BLOCKED
A scan resulted in a blocking of a potential data leakage.
BYPASSED
The user bypassed the event.
DETECTED
A scan resulted in a detection of a potential security threat.
REPORTED
A scan resulted in a reporting of a potential data leakage.
WARNED
The user was warned about the event.

PROFILE_  
USER_  
NAME

string

GSuite user name of the profile.

TIMESTAMP

integer

The server timestamp of the Chrome Safe Browsing event.

URL

string

The URL that event happened on.

USER_  
AGENT

string

User agent event parameter.

VIRTUAL_  
DEVICE_  
ID

string

Virtual device ID of the browser on which the event happened.

Sample request

GET https://admin.googleapis.com  
/admin  
/reports  
/v1  
/activity  
/users  
/all  
/applications  
/ chrome 
  
?eventName= UNSAFE_SITE_VISIT 
  
&maxResults=10  
&access_token= YOUR_ACCESS_TOKEN

Admin Console message format

Unsafe site visit warning shown for {TRIGGER_USER}

Chrome Audit Activity Events Stay organized with collections Save and categorize content based on your preferences.

Add or remove user

ChromeOS user added

ChromeOS user removed

Change device boot mode

Device boot state change

ChromeOS login or logout event type

ChromeOS login failure

ChromeOS login or logout

ChromeOS login success

ChromeOS logout

ChromeOS reporting data error type

ChromeOS reporting data error

Chrome Safe Browsing password event type

Password changed

Password reuse

ChromeOS Dlp Event

Data access control

Content transfer event type

Content transfer

Content unscanned event type

Content unscanned

Extension request event type

Extension request

Login event type

Login

Malware transfer event type

Malware transfer

Password breach event type

Password breach

Sensitive data transfer event type

Sensitive data transfer

Unsafe site visit event type

Unsafe site visit

Chrome Audit Activity Events