0

I'm trying to figure out a way to export some of the events I can see in the security dashboard and alert center. The Customer Reports API only gives me the # of mail received per day, and # or spam messages per day, but is more than 24 hrs behind.

I've tried to create an alert in the security alerts center for whenever my domain gets a relevant email, but I just get an email once a minute that says the the threshold was exceeded, and I have to click into the investigation tool to actually get the relevant data.

Is there a place I can request # of phishing emails per hour, or be alerted whenever new phishing emails are found. Or Malware, etc.

tjpoe
  • 11
  • 1
  • 2
  • When you say `# of phishing emails per hour` - do you mean emails that Gmail automatically classified as Spam? – ziganotschka Mar 20 '20 at 08:30
  • no, within the Security Dashboard, it breaksdown the spam into categories. Malware, Phishing, etc. It also tells you why the emails were detected as spam, ie: content, blacklist, custom security rules, ML, DMARC or SPF records, etc. There is a wealth of information in there, that I'm trying to get out so I can do some additional analysis, but right now, it seems like the only # you can get is # of SPAM per hour, and even that is about 2 days delayed. – tjpoe Mar 22 '20 at 14:46

1 Answers1

0
  • The Reports API method UserUsageReport: get allows you to retrieve received spam emails for a certain date by specifying the parameter gmail:num_spam_emails_received
  • However, if you want to retrieve e.g. the emails from the last hour, there is no prebuilt functionality for this.

You can write a Google Apps Script that would browse your Gmail Inbox for new Spam Emails and set the script on a time-driven trigger

Sample:

function setmeOnHourlyTimer() {
  var now = new Date();
  var oneHourAgoinSeconds = Math.round(now.getTime()/1000 - 1200 *60);
  var query = '"after:'+ oneHourAgoinSeconds  +'"';
  var spamMessages = Gmail.Users.Messages.list("YOU_EMAIL", {"labelIds": ["SPAM"] , "q": query}).messages;
  if (spamMessages.length > 0){
    GmailApp.sendEmail("paste your email here", "You have new Spam emails", "You got " + spamMessages.length + " new spam message(s) within the last hour.")
  }
}
ziganotschka
  • 25,866
  • 2
  • 16
  • 33
  • this is for an individual user, I'm looking for the information for an entire organization. – tjpoe Mar 22 '20 at 14:48
  • You can do it for the whole domain if you set-up a [service account](https://cloud.google.com/iam/docs/service-accounts). Unfortunately, there is no possibility to do it for the recent emails on hourly basis with the Reports API, so you need to implement a workaround. – ziganotschka Mar 22 '20 at 15:35
  • even with this workaround, you still only get "spam/inbox" stats. The security dashboard gives you additional details about why it was detected as spam, and if the spam classification is Phishing / Malware, etc. So this will work to get more recent spam data, but won't solve the granularity issue. Thanks. – tjpoe Mar 23 '20 at 16:23
  • Unfortunately right now there is no better way to do it. If the workaround I proposed is not good enough for your needs, all I can do is recommend you to file a feature request on [Google's Issue Tracker](https://developers.google.com/issue-tracker) and hope that it will be implemented in the future. – ziganotschka Mar 23 '20 at 16:48