Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 

README.md

gsuite-login-geoip

About

A recent engagement required me to analyze geographic login activity for a GSuite domain. While Google makes several reports available on the Admin dashboard, there was not one that provided thorough geographic detail. I made a thing that would take the default Login Activity Report, enhance it to include GeoIP data and plot all of the data points on an interactive map.

Here's an interactive sample map containing fake data.

Marker color, opacity and size help emphasize noteworthy events. These values and their corresponding "keyword" triggers are defined in geoip.py https://github.com/ecapuano/gsuite-login-geoip/blob/master/geoip.py#L92-L111

Geographic data can sometimes make quick work of detecting anomalous or malicious login activity. The image below is a real world example of this concept -- the overseas markers were connected to unauthorized access to a compromised account.

Prerequisites

Usage

  1. Export a Login Activity report from https://admin.google.com/AdminHome?fral=1#Reports:subtab=login-audit

  2. python geoip.py /path/to/AuditReport.csv /path/to/GeoLiteCity.dat

About

A script to analyze geographic GSuite Login activity

Resources

License

Releases

No releases published

Packages

No packages published