The goal of Gmail Message Tracking (GMT) is to enable logs for Gmail mailbox metadata, including sender, recipient, subject, message size, and attachments.
GMT lets you see which emails have been read, how long ago, and how many times, and filter emails by read status.
The GMT beat adds to LogRhythm's email data analysis capabilities offered through the LogRhythm Phishing Intelligence Engine. For more information about the Phishing Intelligence Engine, see the following LogRhythm blog post: https://logrhythm.com/blog/phishing-intelligence-engine-pie-open-source-release/.
BigQuery as a Data Warehouse for Email Logs
BigQuery is Google's managed analytics data warehouse. BigQuery is the best option for enterprises and large organizations that need customizable, scalable reports and an email data storage container.
BigQuery allows an organization to create custom Gmail reports, create reports that combine Gmail data with data from other sources or apps, and keep and analyze Gmail data as long as necessary. The G Suite Admin console keeps Gmail data for only 30 days. For example, you can create custom BigQuery reports to:
- Identify which rule quarantined a message.
- Track the number of distinct messages sent to a specified recipient.
- Review Gmail activity by combining Gmail data with organization directory data.
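The first two reports in the list above, worked over constructed event rows. This is an added example, not LogRhythm's or Google's code. It assumes one log row per delivery event, and the field names (`message_id`, `recipients`, `rule`, `action`) are hypothetical stand-ins, not the Gmail log schema in BigQuery.

```python
from collections import defaultdict

# Constructed sample rows. A single message appears in several rows (one per event),
# so counting rows would overstate the number of messages.
# Field names are hypothetical, not the BigQuery Gmail log schema.
SAMPLE_EVENTS = [
    {"message_id": "<a1@example.com>", "recipients": ["bob@example.org"],
     "rule": None, "action": "received"},
    {"message_id": "<a1@example.com>", "recipients": ["bob@example.org"],
     "rule": None, "action": "delivered"},
    {"message_id": "<b2@example.com>", "recipients": ["Bob@Example.org", "eve@example.org"],
     "rule": "Block executables", "action": "quarantined"},
    {"message_id": "<b2@example.com>", "recipients": ["Bob@Example.org", "eve@example.org"],
     "rule": "Add footer", "action": "modified"},
    {"message_id": "<c3@example.com>", "recipients": ["eve@example.org"],
     "rule": "Spam filter", "action": "quarantined"},
]


def distinct_messages_to(events, recipient):
    """Count distinct messages (not log rows) addressed to `recipient`.

    Addresses are compared case-insensitively so that Bob@ and bob@ match.
    """
    wanted = recipient.lower()
    ids = {
        e["message_id"]
        for e in events
        if wanted in (r.lower() for r in e["recipients"])
    }
    return len(ids)


def quarantining_rules(events):
    """Map each quarantined message ID to the sorted rule names that quarantined it."""
    rules = defaultdict(set)
    for e in events:
        # Only rows where a named rule produced a quarantine action count;
        # other rule hits on the same message (e.g. a footer rule) are ignored.
        if e["action"] == "quarantined" and e["rule"]:
            rules[e["message_id"]].add(e["rule"])
    return {mid: sorted(names) for mid, names in rules.items()}


if __name__ == "__main__":
    print(distinct_messages_to(SAMPLE_EVENTS, "bob@example.org"))
    print(quarantining_rules(SAMPLE_EVENTS))
```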
In the LogRhythm Open Collector use case, BigQuery stores the email logs. From there, the GMT beat can fetch the logs using custom queries.
Gmail Logs in BigQuery
For detailed information about Gmail logs in BigQuery, see the following pages from the Google help site:
Gmail Log Reports and BigQuery
This feature is only available with G Suite Enterprise and G Suite Enterprise for Education. Only users with one of these licenses can use this feature. You can assign licenses to individual users, to everyone in an organizational unit, or to everyone in your G Suite account.