Use Cases
Google Drive Insider Threat Monitor
Scans recent Google Drive activity to detect potential insider threats such as excessive sharing or suspicious file access, and automatically reports findings to Slack. This workflow helps detect and surface potential insider threats quickly without requiring human triage or prompting.
Threat Investigation & Enrichment
Tools
Google Admin, Slack
Trigger
Cron Schedule
Agent Flow
This agent proactively reviews the last week of Google Drive activity with no user input. It checks for:
- Files shared externally
- Unusual volume of downloads or views
- Suspicious access patterns tied to specific accounts
If any issues are found, it generates a summary with:
- Affected users and files
- Nature of the suspicious behavior
- Suggested remediations or follow-up actions
The summary is posted automatically to the #general Slack channel.
If no issues are found, the agent still posts to confirm there's nothing to report — ensuring visibility and trust in the monitoring system.
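The first two checks and the "always post" behavior described above can be sketched as follows. This is an added example, not the product's own code: the flattened event fields (`actor`, `event`, `doc`, `target`, `visibility`), the visibility values, the `example.com` domain and the thresholds are all assumptions, and the sample events are constructed. It only builds the message text and does not call Google or Slack.

```python
from collections import Counter
from statistics import median

DOMAIN = "example.com"  # assumption: the organisation's own domain
# Assumed visibility values that expose a file beyond named internal users.
OPEN_VISIBILITY = {"people_with_link", "public_on_the_web", "shared_externally"}

def sample_events():
    """Constructed week of activity: four normal users, one outlier, three sharing changes."""
    ev = [{"actor": f"user{i}@{DOMAIN}", "event": "download", "doc": f"doc-{i}-{n}"}
          for i in range(1, 5) for n in range(3)]
    ev += [{"actor": f"dana@{DOMAIN}", "event": "download", "doc": f"fin-{n}"} for n in range(40)]
    ev.append({"actor": f"dana@{DOMAIN}", "event": "change_user_access",
               "doc": "fin-7", "target": "partner@outside.example"})
    ev.append({"actor": f"user1@{DOMAIN}", "event": "change_user_access",
               "doc": "doc-1-0", "target": f"user3@{DOMAIN}"})  # internal share, benign
    ev.append({"actor": f"user2@{DOMAIN}", "event": "change_document_visibility",
               "doc": "doc-2-0", "visibility": "people_with_link"})
    return ev

def external_shares(events, domain=DOMAIN):
    """Return (actor, doc, reason) for shares that leave the domain."""
    found = []
    for e in events:
        target = e.get("target", "").lower()
        if target and not target.endswith("@" + domain):
            found.append((e["actor"], e["doc"], f"shared with {target}"))
        elif e.get("visibility") in OPEN_VISIBILITY:
            found.append((e["actor"], e["doc"], f"visibility set to {e['visibility']}"))
    return found

def volume_outliers(events, factor=5, floor=20):
    """Flag actors whose download/view count is far above the median actor's."""
    counts = Counter(e["actor"] for e in events if e["event"] in ("download", "view"))
    if not counts:
        return {}
    baseline = median(counts.values())
    return {a: n for a, n in counts.items() if n >= floor and n > factor * baseline}

def weekly_report(events):
    """Build the message text; a report is produced even when nothing is found."""
    shares, heavy = external_shares(events), volume_outliers(events)
    if not shares and not heavy:
        return "Drive monitor: no issues found in the last 7 days."
    lines = ["Drive monitor findings (last 7 days):"]
    lines += [f"- {actor}: {doc} {why}" for actor, doc, why in shares]
    lines += [f"- {actor}: {n} downloads/views, well above the median user" for actor, n in heavy.items()]
    return "\n".join(lines)

if __name__ == "__main__":
    print(weekly_report(sample_events()))
```

Comparing each account against the median keeps one heavy user from raising the baseline, and the absolute floor avoids flagging small counts in a quiet week.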