Query announces the Google Workspace Gmail SDK Messages API Connector!

Google Workspace (formerly known as G-Suite) is a cloud-based productivity suite that offers tools for collaboration, communication, and organization, such as Gmail, Google Drive, Google Calendar, and Google Meet. It enables businesses to streamline workflows, manage files securely, and collaborate in real time across various locations and devices.

Security and IT personnel use Google Workspace to manage user access, enforce security policies, and monitor activity, helping protect organizational data through advanced security features like two-step verification, data loss prevention (DLP), and mobile device management (MDM). Google Workspace’s centralized admin console provides IT teams with powerful tools for user management, security insights, and policy enforcement to safeguard company information.

As of 1 DEC 2024, Query integrates with Google Workspace across three distinct Connectors associated with data surfaced by the following APIs: Directory API, Reports API and the Gmail Messages API. This separation of Connectors by API allows customers to assign different Service Accounts, different delegations, and limit overall access to certain APIs to different Teams and Organizations within Query. The following capabilities are supported from the aforementioned APIs. Refer to the API-specific documentation in Query for more information on how to configure specific connectivity.

If a Domain-wide admin delegate or specific delegate is not specified, Query’s Gmail Connector will establish the authenticated session using your Service Account and pass the target email addresses as the session context. This will allow you to still search for specific emails even if you do not use delegation.

Messages API Authorization

All federated searches and their results are expressed in terms of the Query Data Model (QDM), which is based on the Open Cybersecurity Schema Framework (OCSF). Each API source is normalized into a specific QDM/OCSF Event Class to standardize the data for increased situational awareness, ease of aggregation and filtering, and easy pivoting.

| API Name | Source Name | QDM/OCSF Event Class | Entities/Observables |
| --- | --- | --- | --- |
| Gmail | Messages | Email Activity | Email Address, User UID |
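
To make the normalization in the table concrete, the following added example (not Query's connector code) maps one Gmail API message resource to an OCSF Email Activity event and extracts Email Address observables. The field mapping, the `SENT`-label direction rule, the function names and the sample message are assumptions constructed for illustration; the User UID observable is not built here.

```python
from email.utils import getaddresses

# Constructed sample, shaped like a Gmail API users.messages resource.
SAMPLE_MESSAGE = {
    "id": "18c0ffee0000abcd",
    "labelIds": ["INBOX", "UNREAD"],
    "internalDate": "1733011200000",  # epoch milliseconds, sent as a string
    "sizeEstimate": 5321,
    "payload": {"headers": [
        {"name": "From", "value": "Billing <billing@vendor.example>"},
        {"name": "To", "value": "Alice <alice@corp.example>, bob@corp.example"},
        {"name": "Cc", "value": "ALICE@corp.example"},
        {"name": "Subject", "value": "Invoice 4471"},
        {"name": "Message-ID", "value": "<constructed-1@vendor.example>"},
    ]},
}

def _header_values(headers, name):
    """Header names are case-insensitive, so compare lowercased."""
    return [h["value"] for h in headers if h["name"].lower() == name]

def _addresses(headers, name):
    """Parse an address header into bare, lowercased addresses."""
    return [a.lower() for _, a in getaddresses(_header_values(headers, name)) if a]

def to_email_activity(msg):
    """Map one Gmail message resource to an OCSF Email Activity event (assumed mapping)."""
    headers = msg.get("payload", {}).get("headers", [])
    parties = {f: _addresses(headers, f) for f in ("from", "to", "cc")}
    # Assumption: the SENT label marks outbound mail (Send = 1), otherwise Receive = 2.
    activity_id = 1 if "SENT" in msg.get("labelIds", []) else 2
    observables, seen = [], set()
    for field, addrs in parties.items():
        for addr in addrs:
            if addr not in seen:  # one observable per distinct address
                seen.add(addr)
                observables.append({"name": f"email.{field}", "type_id": 5,
                                    "type": "Email Address", "value": addr})
    return {
        "category_uid": 4, "class_uid": 4009, "activity_id": activity_id,
        "type_uid": 4009 * 100 + activity_id,
        "time": int(msg["internalDate"]),  # OCSF timestamps are epoch milliseconds
        "email": {"uid": msg["id"],
                  "message_uid": next(iter(_header_values(headers, "message-id")), None),
                  "subject": next(iter(_header_values(headers, "subject")), None),
                  "from": next(iter(parties["from"]), None),
                  "to": parties["to"], "cc": parties["cc"],
                  "size": msg.get("sizeEstimate")},
        "observables": observables,
    }
```

Deduplicating on the lowercased address keeps a pivot on one mailbox from splitting across case variants of the same recipient.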

Executing federated searches with Query allows you to pull all relevant data for your search criteria back in a parallelized, normalized, and standardized format without ever moving or duplicating the data into another data repository. For instance, searching for an Email Address Entity in Query will allow you to pull all relevant email messages for the user(s). Likewise, you can request Emails that fulfill other conditions, or none at all to sample email data within Gmail. When used alongside the Google Workspace Connector, you can correlate the activity against User and Device configurations as well as Google Drive, Admin, and Authentication logs.

For more information, refer to our documentation here.