I've been using the https://developers.google.com/admin-sdk/reports/reference/rest/v1/activities/watch API for quite a while now but my servers seems to be getting majority of POST requests from google itself regarding on SECURITY_CENTER_RULES and especially some rules we've setup and causing an unwanted overload, I don't want to see the auto-generated logs for the security center.
My current query is: https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/admin/watch as I want all the logs for all the users on an admin level.
I'm deliberately not using any eventName queries since SECURITY_CENTER_RULES is not listed under any of the types under the "admin" application and it's actually a "type". As described before, I don't these but I couldn't figure out how to filter this out by any means.
- I've tried to see if there's any way to filter by application sub-types but couldn't find any. If I could find some, I've no problem generating multiple setup requests towards Google with the specific types I want to have.
- I've tried to specifically filter out the eventName I'm getting by sending the payload with
"filters:eventName<>DriveDownloadAlert", which yielded no results and I kept receiving them.
Any ideas how else to approach this? Thank you,