Skip to content

Added Threat Analysis Functionality #30

Open
WalkerSchaar wants to merge 2 commits intodoitintl:mainfrom
WalkerSchaar:main
Open

Added Threat Analysis Functionality #30
WalkerSchaar wants to merge 2 commits intodoitintl:mainfrom
WalkerSchaar:main

Conversation

@WalkerSchaar
Copy link
Copy Markdown

@WalkerSchaar WalkerSchaar commented Jan 21, 2026

Summary
I’ve added a threat analysis report to AdminPulse that transforms raw security data into actionable insights. While AdminPulse's individual reports effectively collect configuration details, security findings can be scattered across multiple sheets with unclear risk prioritization/remediation/mitigation steps. This tool addresses this by automatically:
• Categorizing findings by attack vector (Account Compromise, Data Exfiltration, Potential Data Leaks, Lateral Movement Points, Compliance/Audit Gaps)
• Prioritizing by color-coded risk level (Critical > High > Medium > Low)
• Providing clear remediation guidance for each finding
The report consolidates data from 8 AdminPulse reports (Users, OAuth Tokens, Group Settings, Shared Drives, App Passwords, Aliases, Group Members, and Additional Services) into a single, prioritized threat analysis tailored to the target Workspace environment.

How-To
After running AdminPulse data collection reports, users can click Extensions > DoiT AdminPulse > Run Threat Analysis to generate a comprehensive security report that:

Files Changed
• ThreatAnalysis.gs (Added) - Main analysis engine
• CreateUI.gs (Modified) - Added menu item "Run Threat Analysis"

How This Helps
AdminPulse collects great security data, but users have to manually:
• Review 8+ separate sheets
• Identify which issues are critical
• Figure out what to fix first
• Understand remediation steps
This automates all of that into one prioritized report.

Data Sources Analyzed
• Users (2FA, inactive accounts, admin privileges)
• OAuth Tokens (third-party app access and scopes)
• Group Settings (external access, posting permissions)
• Shared Drives (download restrictions, sharing settings)
• App Passwords (2FA bypass mechanisms)
• Aliases (excessive email aliases)
• Group Members (external members, ownership sprawl)
• Additional Services (60+ Google Workspace services)
Testing Notes
I have tested:
• Code syntax and logic validation
• Risk level assignment accuracy
• Threat categorization logic
• Error handling for edge cases
• Code follows AdminPulse patterns

I'm happy to quickly address any integration issues you find during testing.

Thank you for reviewing! I'm excited to potentially contribute to AdminPulse and help Workspace admins prioritize their security improvements.

@WalkerSchaar
Create getThreatAnalysis.gs
88ef690
@WalkerSchaar
Update CreateUI.gs
5968631 
added:
.addItem('Run Threat Analysis', 'runThreatAnalysis')
.addSeparator()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@WalkerSchaar