Console

Action

Enum representing different possible actions taken by the product that created the event. Google SecOps classifies: - ALLOW and ALLOW_WITH_MODIFICATION actions as "successful". - BLOCK, QUARANTINE, FAIL, and CHALLENGE actions as "failed". This includes all corresponding metrics (for example, AUTH_ATTEMPTS_FAIL, FILE_EXECUTIONS_FAIL, RESOURCE_READ_FAIL, and so on). - UNKNOWN_ACTION actions as neither "successful" nor "failed", because, for example, logs might not provide information whether a login event occurred but some kind of "unknown" error was issued nonetheless.

Enums
`UNKNOWN_ACTION`	The default action.
`ALLOW`	Allowed.
`BLOCK`	Blocked.
`ALLOW_WITH_MODIFICATION`	Strip, modify something (e.g. File or email was disinfected or rewritten and still forwarded).
`QUARANTINE`	Put somewhere for later analysis (does NOT imply block).
`FAIL`	Failed (e.g. the event was allowed but failed).
`CHALLENGE`	Challenged (e.g. the user was challenged by a Captcha, 2FA).

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-11-13 UTC.