In this document, you will learn how to use the G Suite security investigation tool to generate a report on emails and send it to Lumu for compromise assessment. Lumu Email Intelligence is a unique threat analysis tool that runs advanced correlations between your inbox, known indicators of compromise (IoCs), and network traffic.

Learn more about how Lumu Email helps you understand who is targeting your organization, how they are doing it, and how successful they are in our documentation.

Requirements

You must have G Suite Enterprise admin permissions to access the security center.

Spam Report Set Up

1. Sign in to the Google Admin console using your admin account, and then navigate to Security > Investigation tool.

2. Once you are in the Investigation tool section, choose the option“Gmail log events” as the data source for your search (1), then click add condition to include the following AND conditions (2) in your search:

• Spam classification (3): Select as condition “Is not” and “Clean” (1) to ensure that messages classified as Spam regardless of the subcategory will be included in the search.
  
• Date (4): Since the report must be incremental, select the condition "After" and specify the start date for the report (2). Use the following format: YYYY-MM-DDThh:mm:ss

We recommend saving this search (5) by providing a Title and Description for generating the report again when needed (6).

3. Click Search to visualize the investigation results (1), then click the Export icon (2) to save search results as a Google Sheet report in your My Drive folder (the file name (3)  will be the one you provided in step 2 previously).

Depending on the size of the results, the export process could take some time, and multiple Google Sheets might be created. For more detailed information on exported search results and data retention, consult the Google documentation.

4. Finally, download and send the report file(s) generated (in CSV format) to the unique email address assigned by Lumu to your company. You can find the email address assigned to your organization by going to the Lumu Portal and navigating to Lumu Email > Summary (1). 

Creating New Reports 

To generate new reports after saving the search on step 2, navigate to Security > Investigation tool and go to the “View Investigation” folder (1), then select the report (2).

Finally, adjust the Date parameter (1) and proceed with steps 3 and 4 to generate a new report.

From the main page for an investigation, you can view the date and time that an investigation was last saved in the header at the top of the page (2).

For further details about the security investigation tool for G Suite, consult the Google documentation.

SEO (For Julian to add)