creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
Anthropic-Cybersecurity-Skills/skills/implementing-google-workspace-admin-security/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

59 lines
2.2 KiB
Markdown
Raw Permalink Blame History

# API Reference: Implementing Google Workspace Admin Security
## Libraries
### google-api-python-client + google-auth
- **Install**: `pip install google-api-python-client google-auth`
- **Docs**: https://developers.google.com/admin-sdk/directory/reference/rest
## Admin SDK Directory API
| Method | Description |
|--------|-------------|
| `users().list(domain, projection="full")` | List users with full profile |
| `users().get(userKey)` | Get specific user details |
| `users().update(userKey, body)` | Update user settings |
| `users().list(query="isAdmin=true")` | List admin users |
| `orgunits().list(customerId)` | List organizational units |
| `roles().list(customer)` | List admin roles |
| `roleAssignments().list(customer)` | List role assignments |
## Reports API (Audit Logs)
| Method | Description |
|--------|-------------|
| `activities().list(userKey, applicationName)` | Get audit events |
| Application names: `login`, `admin`, `drive`, `token`, `mobile` |
## Key User Fields for Security
| Field | Description |
|-------|-------------|
| `isEnrolledIn2Sv` | User enrolled in 2-Step Verification |
| `isEnforcedIn2Sv` | 2SV enforcement applied |
| `isAdmin` | Super admin status |
| `isDelegatedAdmin` | Delegated admin status |
| `lastLoginTime` | Last login timestamp |
| `recoveryEmail` | Recovery email (risk if external) |
| `recoveryPhone` | Recovery phone number |
| `isSuspended` | Account suspended |
## OAuth Scopes Required
- `admin.directory.user` -- User management
- `admin.directory.domain` -- Domain settings
- `admin.reports.audit.readonly` -- Audit log access
- `admin.directory.orgunit` -- Org unit management
## Login Event Names
- `login_success` -- Successful login
- `login_failure` -- Failed login attempt
- `login_challenge` -- 2FA challenge issued
- `suspicious_login` -- Flagged by Google
- `account_disabled_password_leak` -- Compromised password
## External References
- Admin SDK: https://developers.google.com/admin-sdk
- Workspace Security Best Practices: https://support.google.com/a/answer/7587183
- CIS Google Workspace Benchmark: https://www.cisecurity.org/benchmark/google_workspace
- Reports API: https://developers.google.com/admin-sdk/reports/reference/rest
Reference in New Issue View Git Blame Copy Permalink