Google Drive
The Google Drive Cloud Sensor uses Google Workspace APIs to provide visibility into file activities within Google Drive. It enables Cyberhaven to capture and correlate user activity across browser and cloud surfaces, even when endpoint sensors are not present.
Requirements
- A Google Workspace Admin account.
- Permissions to enable Domain-wide Delegation in the Google Admin Console.
- Google Drive Cloud Sensor enabled in your Cyberhaven tenant (contact Cyberhaven Support to enable it on the backend).
Required Permissions
| Permission | Requirement |
|---|---|
https://www.googleapis.com/auth/admin.reports.audit.readonly | Access audit logs that record user file activities such as downloads, uploads, shares, and deletions for lineage and sensitive data movement detection |
https://www.googleapis.com/auth/admin.directory.domain.readonly | Retrieve domain-level metadata, including domain names and user associations, ensuring accurate policy enforcement |
Network
Security exclusions
Limitations
- Copy actions appear as two separate events (source and new copy) and are not linked in lineage.
- Upload/download events may incorrectly show device as “Unmanaged” even if managed.
- Files accessed through Google Drive Sync client are not captured.