Power GWS Alertcenter
Command for Google Workspace Alert Center operations, including structured workflows, validation checks, and reusable patterns for Google Workspace.
Execute Google Workspace Alert Center operations to manage security alerts, threat notifications, and incident response.
When to Use This Command
Run this command when you need to:
- Monitor and triage security alerts for phishing, malware, or suspicious login activity across your domain
- Acknowledge, investigate, or close Alert Center incidents programmatically
- Generate security status reports summarizing active threats and resolution timelines
Consider alternatives when:
- You need historical audit data older than the Alert Center retention period; use Admin Reports instead
- You want to set up proactive rules and policies rather than respond to existing alerts
Quick Start
Configuration
name: power-gws-alertcenter
type: command
category: google-workspace
Example Invocation
claude command:run power-gws-alertcenter --action list --status active --severity high
Example Output
Fetching Alert Center alerts...
Filter: status=active, severity=high
Domain: example.com
Active High-Severity Alerts: 3
1. [PHISHING] Suspected phishing campaign targeting finance team
Created: 2026-03-14 09:22 UTC
Affected users: 12
Status: ACTIVE
2. [SUSPICIOUS_LOGIN] Multiple failed logins from unusual location
Created: 2026-03-14 14:05 UTC
Affected users: 1
Status: ACTIVE
3. [DATA_EXPORT] Large Drive data export detected
Created: 2026-03-15 02:11 UTC
Affected users: 1
Status: ACTIVE
Actions available: acknowledge, investigate, close
Core Concepts
Alert Center Overview
| Aspect | Details |
|---|---|
| Alert Types | Phishing, malware, suspicious login, data export, device compromise, DLP |
| Severity Levels | Low, medium, high, critical with automatic escalation rules |
| Lifecycle | Active -> Acknowledged -> Investigating -> Closed with full audit trail |
| Integration | Feeds into SIEM systems, Slack notifications, and incident response tools |
| Retention | Alerts retained for 180 days with full metadata and affected user lists |
Alert Triage Workflow
1. New alert created
2. Severity assessment routes the alert into one of three lanes:
- Low: Queue -> Acknowledge -> Resolve -> Close
- Medium: Review -> Investigate -> Remediate -> Close
- High/Critical: Immediate Response -> Investigate -> Remediate -> Close
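The lane routing and lifecycle above as runnable triage logic. This is an added example, not code shipped with the command: the alert records are constructed to mirror the example output, the mapping of lanes to statuses is read off the diagram, and the 15-minute review target for the immediate lane is an assumed value (the page only says "within minutes"). Every status change is refused unless the diagram allows it and a note is supplied, which is what produces the audit trail.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class Status(str, Enum):
    ACTIVE = "ACTIVE"
    ACKNOWLEDGED = "ACKNOWLEDGED"
    INVESTIGATING = "INVESTIGATING"
    CLOSED = "CLOSED"


# Transitions read off the triage diagram: low-severity alerts are acknowledged,
# resolved and closed; medium and high/critical alerts go straight to
# investigation, are remediated and then closed.
ALLOWED = {
    Status.ACTIVE: {Status.ACKNOWLEDGED, Status.INVESTIGATING},
    Status.ACKNOWLEDGED: {Status.INVESTIGATING, Status.CLOSED},
    Status.INVESTIGATING: {Status.CLOSED},
    Status.CLOSED: set(),
}

# Severity -> triage lane. Lane names follow the diagram; the review target for
# the immediate lane is an assumed 15-minute SLA.
LANES = {"low": "queue", "medium": "review", "high": "immediate", "critical": "immediate"}
IMMEDIATE_SLA = timedelta(minutes=15)


@dataclass
class Alert:
    alert_id: str
    alert_type: str
    severity: str
    created: datetime
    affected_users: int
    status: Status = Status.ACTIVE
    audit_trail: list = field(default_factory=list)


def transition(alert: Alert, new_status: Status, actor: str, note: str) -> Alert:
    """Apply a lifecycle change, refusing anything the diagram does not allow,
    and record who made it and why so every change leaves an audit entry."""
    if new_status not in ALLOWED[alert.status]:
        raise ValueError(f"{alert.alert_id}: {alert.status.value} -> {new_status.value} is not allowed")
    if not note.strip():
        raise ValueError(f"{alert.alert_id}: every status change needs a note")
    alert.audit_trail.append((alert.status.value, new_status.value, actor, note))
    alert.status = new_status
    return alert


def triage(alerts: list[Alert], now: datetime) -> dict:
    """Route active alerts into lanes and flag immediate-lane alerts past the SLA."""
    lanes = {"queue": [], "review": [], "immediate": []}
    overdue = []
    for a in alerts:
        if a.status != Status.ACTIVE:
            continue
        lane = LANES[a.severity.lower()]
        lanes[lane].append(a.alert_id)
        if lane == "immediate" and now - a.created > IMMEDIATE_SLA:
            overdue.append(a.alert_id)
    return {"lanes": lanes, "overdue": overdue}


def sample_alerts() -> list[Alert]:
    """Constructed records modelled on the example output (not real alerts)."""
    utc = timezone.utc
    return [
        Alert("a-1", "PHISHING", "high", datetime(2026, 3, 14, 9, 22, tzinfo=utc), 12),
        Alert("a-2", "SUSPICIOUS_LOGIN", "medium", datetime(2026, 3, 14, 14, 5, tzinfo=utc), 1),
        Alert("a-3", "DATA_EXPORT", "low", datetime(2026, 3, 15, 2, 11, tzinfo=utc), 1),
    ]


def demo() -> dict:
    """Run the workflow end to end on the constructed alerts."""
    alerts = sample_alerts()
    now = datetime(2026, 3, 15, 2, 20, tzinfo=timezone.utc)
    result = triage(alerts, now)
    phishing = alerts[0]
    transition(phishing, Status.INVESTIGATING, "oncall", "pulled login report for the 12 affected users")
    transition(phishing, Status.CLOSED, "oncall", "messages purged, credentials reset")
    try:  # a low alert cannot be closed without being acknowledged first
        transition(alerts[2], Status.CLOSED, "oncall", "skipping ahead")
        rejected = False
    except ValueError:
        rejected = True
    result.update(final=phishing.status.value, trail=len(phishing.audit_trail), rejected=rejected)
    return result


if __name__ == "__main__":
    print(demo())
```

Running the module prints the lane assignment for the three constructed alerts, the phishing alert's closed status with its two-entry audit trail, and confirms that the out-of-order close on the low-severity alert was rejected.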
Configuration
| Parameter | Type | Default | Description |
|---|---|---|---|
| action | string | list | Action to perform: list, acknowledge, investigate, close |
| status | string | active | Filter by alert status: active, acknowledged, closed |
| severity | string | all | Filter by severity: low, medium, high, critical |
| alert-id | string | (none) | Specific alert ID for acknowledge, investigate, or close |
| days | integer | 7 | Number of days of alert history to retrieve |
Best Practices
- Triage by severity immediately - High and critical alerts should be reviewed within minutes. Set up the command as a scheduled check or integrate with your on-call notification system.
- Document investigation steps - When transitioning an alert to investigating status, add notes about what you found. This creates an audit trail that compliance teams require.
- Correlate with Admin Reports - An alert about suspicious login activity becomes actionable when combined with the full login report for that user. Pull both data sources during investigation.
- Close resolved alerts promptly - Stale active alerts create noise and make it harder to spot new genuine threats. Close alerts once remediation is confirmed complete.
Common Issues
- No alerts returned despite known issues - Verify your account has Alert Center admin privileges. Standard user accounts cannot access domain-wide security alerts.
- Alert status update fails - Some alerts require specific admin roles to modify. Check that your service account has the alertcenter.alerts.update permission.
- Duplicate alerts for the same incident - Google may create separate alerts for related events. Use the alert metadata to identify and group related alerts during triage.
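One way to do the grouping the last item describes, as an added example rather than code from the command. It assumes the only metadata available are the alert type, creation time and the set of affected users, and it uses an assumed 24-hour correlation window: alerts of the same type that share an affected user and arrive within that window are treated as one incident. The sample metadata is constructed.

```python
from datetime import datetime, timedelta, timezone

# Assumed correlation window: same-type alerts that share at least one affected
# user and arrive within this window are grouped as one incident.
WINDOW = timedelta(hours=24)


def group_related(alerts: list[dict], window: timedelta = WINDOW) -> list[list[str]]:
    """Greedy grouping: walk alerts in creation order and attach each one to the
    first open group with the same type, a shared affected user and a recent
    enough last event; otherwise open a new group. Returns lists of alert ids."""
    groups = []
    for a in sorted(alerts, key=lambda x: x["created"]):
        for g in groups:
            same_type = g["type"] == a["type"]
            recent = a["created"] - g["last"] <= window
            shared_user = bool(g["users"] & a["users"])
            if same_type and recent and shared_user:
                g["ids"].append(a["id"])
                g["users"] |= a["users"]   # widen the group's user set
                g["last"] = a["created"]   # keep the window sliding
                break
        else:
            groups.append({"type": a["type"], "users": set(a["users"]),
                           "last": a["created"], "ids": [a["id"]]})
    return [g["ids"] for g in groups]


def sample_metadata() -> list[dict]:
    """Constructed alert metadata (ids, types, times and users are made up)."""
    t0 = datetime(2026, 3, 14, 9, 22, tzinfo=timezone.utc)
    return [
        {"id": "p-1", "type": "PHISHING", "created": t0, "users": {"alice", "bob"}},
        {"id": "l-1", "type": "SUSPICIOUS_LOGIN", "created": t0 + timedelta(hours=1), "users": {"alice"}},
        {"id": "p-2", "type": "PHISHING", "created": t0 + timedelta(hours=2), "users": {"bob", "carol"}},
        {"id": "p-3", "type": "PHISHING", "created": t0 + timedelta(hours=3), "users": {"dave"}},
        {"id": "p-4", "type": "PHISHING", "created": t0 + timedelta(days=3), "users": {"carol"}},
    ]


if __name__ == "__main__":
    for group in group_related(sample_metadata()):
        print(group)
```

On the constructed data p-1 and p-2 collapse into one phishing incident through the shared user bob, the login alert stays separate because its type differs, p-3 stays separate because it shares no user, and p-4 opens a new group because it falls outside the window even though carol was in the first group.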