Tornado Collectors

Microsoft Office 365 (O365)

Mail Data

  • Mail Collection: Collects users' emails, including sent, received, and stored messages, to analyze communication patterns and user preferences.

Entra Data

  • Entra Sign-In Logs: Detailed logs of user sign-in activities, including timestamps, IP addresses, device information, and authentication status, for monitoring and analyzing access behavior.

  • Entra Audit Logs: Records of administrative actions and configuration changes within the Microsoft Entra environment, providing insights into system modifications and security settings.


Google Workspace (GWS)

Mail Data

  • Mail Collection: This feature collects users' emails, including sent, received, and stored messages, to analyze communication patterns and preferences.

  • Email History Information: Provides detailed records of sent and received emails.

  • Label Usage Information: Tracks how users organize their emails using labels.

  • Email Settings Information: Captures email account settings, including signatures, filters, and auto-responders.

Gmail History Collection in Tornado

When selecting 'Gmail History' as the data type for a collection in Tornado, you’ll be required to enter History IDs. These are unique markers provided by Gmail that indicate the starting point for collecting changes in a mailbox.

What Are History IDs?

  • History IDs are part of Gmail’s change tracking system, used to fetch updates like email additions, deletions, or modifications.

  • They specify the point in the mailbox history from which the collection will start.

What If I Don’t Know the History ID?

  • If you’re unsure of the History ID, Tornado won’t be able to proceed with the Gmail History collection. This is because Gmail requires a valid History ID to determine where to start collecting data.

  • For most users, History IDs are not something you’ll commonly know or have readily available.

How to Find a History ID:

  • From Previous Collections: Tornado logs the last History ID from completed Gmail collections. You can find this in the case details or logs.

  • Using the Gmail API: Advanced users can query the Gmail API (e.g., users.history.list) to fetch the latest History ID.

Best Practices:

  • For initial collections or if you don’t need incremental updates, consider selecting other Gmail data types, such as 'Mail Data', which does not require a History ID.
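The incremental walk that a History ID drives, as an added example (not Tornado's own code): it pages through responses shaped like the Gmail API's users.history.list output and returns the History ID to record for the next collection. The sample pages and the fetch_sample_page stand-in are constructed so the block runs offline.

```python
from collections import defaultdict

KINDS = ("messagesAdded", "messagesDeleted", "labelsAdded", "labelsRemoved")

# Constructed sample: two pages shaped like users.history.list responses.
SAMPLE_PAGES = {
    None: {
        "history": [
            {"id": "1001", "messagesAdded": [{"message": {"id": "m1"}}]},
            {"id": "1002", "labelsAdded": [
                {"message": {"id": "m1"}, "labelIds": ["TRASH"]}]},
        ],
        "nextPageToken": "p2",
        "historyId": "1005",
    },
    "p2": {
        "history": [
            {"id": "1004", "messagesDeleted": [{"message": {"id": "m0"}}]},
        ],
        "historyId": "1005",
    },
}


def fetch_sample_page(start_history_id, page_token):
    """Hypothetical offline stand-in for a users.history.list call."""
    return SAMPLE_PAGES[page_token]


def summarize_history(start_history_id, fetch_page):
    """Walk every page after start_history_id.

    Returns (changes, next_start): changes maps each change kind to
    (history record id, message id, label ids) tuples, and next_start is
    the mailbox's current History ID to use for the next collection.
    """
    changes = defaultdict(list)
    next_start = str(start_history_id)
    token = None
    while True:
        page = fetch_page(start_history_id, token)
        for record in page.get("history", []):
            for kind in KINDS:
                for item in record.get(kind, []):
                    labels = tuple(item.get("labelIds", []))
                    changes[kind].append(
                        (record["id"], item["message"]["id"], labels))
        next_start = page.get("historyId", next_start)
        token = page.get("nextPageToken")
        if not token:
            return dict(changes), next_start
```

Against the live API, a start ID that is too old is rejected with HTTP 404; in that case fall back to a full collection such as 'Mail Data'.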

Drive Activities

  • Drive Usage Activities: This feature tracks activities on Google Drive, such as file sharing, editing, and viewing history.

Reports Data

  • Access Transparency Reports: Logs of access actions performed through Google's systems for transparency.

  • Admin Activity Reports: Records of admin actions and activities.

  • Calendar Usage Reports: Provides data on Google Calendar usage and event details.

  • Chat Messaging Data: Analyzes user interactions and messaging habits in Google Chat.

  • Browser Usage Reports: Tracks activity and usage data from the Chrome browser.

  • Context-Aware Access Reports: Reports on conditional access settings, such as device or location-based access.

  • Data Studio Reports: Visualizations and insights created using Google Data Studio.

  • Drive Storage Reports: General reports on storage usage and file-sharing activities in Google Drive.

  • Google Cloud Platform Usage Reports: Logs of usage and activity on Google Cloud Platform (GCP).

  • Google+ Usage History: Historical data for the discontinued Google+ service.

  • Group Usage Information: Data on usage and interactions in Google Groups.

  • Enterprise Group Usage Reports: Advanced insights into enterprise-level group usage.

  • Jamboard Activity Information: Tracks activities related to Jamboard devices and software.

  • Keep Notes Information: Analyzes note-taking and list management habits in Google Keep.

  • User Login Reports: Logs of user account login and logout activities.

  • Google Meet Meeting Reports: Participation and usage details for Google Meet meetings.

  • Mobile Usage Reports: Usage data for Google Workspace applications on mobile devices.

  • Policy and Rules Reports: Tracks policies and rules applied in Google Workspace.

  • SAML Authentication Reports: Logs of SAML-based authentication processes.

  • Token Usage Reports: Insights into OAuth tokens and their activities.

  • User Account Reports: General reports on user accounts.

  • Archive and Data Retention Reports: Insights into Google Vault usage for archiving and data retention.

Admin Data

  • Chrome OS Device Information: Management data for Chrome OS devices.

  • Mobile Device Management Information: Tracks data from mobile device management (MDM) systems.

  • Role Definition Information: Details roles and permissions within Google Workspace.

  • Role Assignment Information: Tracks roles and responsibilities assigned to users.

  • User Information: Provides detailed information about user accounts and profiles.

  • Domain Management Information: Logs of domains defined under Google Workspace.

