Google Drive document shared externally
Description
AlphaSOC detected that a Google Drive document was shared with users outside the organization's domain. This includes sharing via unscoped links (anyone with the link) or directly sharing with external email addresses.
Impact
External document sharing can lead to unintended data exposure to parties outside the organization. While often legitimate for collaboration, unauthorized external sharing may result in sensitive information reaching competitors, attackers, or the general public. Documents shared externally remain accessible until sharing permissions are explicitly revoked.
Severity
| Severity | Condition |
|---|---|
Informational | Document shared with external users |
Investigation and Remediation
Review Google Workspace audit logs to identify which document was shared, who shared it, and with whom. Assess the sensitivity of the shared content and verify whether the sharing was authorized for business purposes.
If the sharing was unauthorized, revoke external access immediately. Review the document's access history to determine if external parties viewed or downloaded the content. Implement data loss prevention policies to detect and alert on external sharing of sensitive documents.
Known False Positives
- Legitimate collaboration with external partners or vendors
- Sharing documents with customers or clients
- Public-facing content intended for external distribution