Google Calendar shared externally
Description
AlphaSOC detected that a Google Calendar was shared with users outside the organization's domain. This includes granting read, write, or manage access to external parties, either through organization-wide settings or individual calendar sharing.
Impact
Externally shared calendars can expose sensitive information about organizational activities, meetings, participants, and schedules. Attackers can use calendar information for reconnaissance, identifying key personnel, understanding business operations, or planning social engineering attacks timed around important events.
Severity
| Severity | Condition |
|---|---|
Low | Calendar shared with external domain |
Investigation and Remediation
Review Google Workspace audit logs to identify which calendar was shared, who made the sharing change, and what level of access was granted. Determine whether the external recipient is a legitimate business contact.
If the sharing was unauthorized, immediately revoke external access. Review calendar contents to assess what information may have been exposed. Implement policies to restrict external calendar sharing or require approval for such configurations.
Known False Positives
- Sharing calendars with external partners for meeting coordination